A highly-diversified and global corporation, the Swire Group’s businesses encompass property, aviation, beverages and food chain, as well as marine and trading & industrial activities. Its core businesses are mainly focused in Asia, with its key operations in Hong Kong and the Chinese Mainland. Within Asia, Swire's activities come under the Group's publicly quoted arm, Swire Pacific Limited, which is the largest shareholder in two Hong Kong listed companies: Swire Properties and Cathay Pacific Airways.

John Swire & Sons (H.K.) Limited is the holding company of the publicly-listed conglomerate, Swire Pacific Limited. Our Cybersecurity Department is now expanding, and inviting candidates to apply for the following position:

Assistant Manager, Digital Security

This role will identify, assess, evaluate, and monitor risks from a digital security standpoint, enabling the enhancement of Swire Group’s overall security postures during digital transformation. The role will manage TVM, Red Team Attack Simulation, and Attack Surface Management (ASM) Service Line covering all operating companies.

Responsibilities:
Manage regular penetration testing and vulnerability scanning for existing web and mobile applications, coordinate the go-live penetration testing for new applications for operating companies of Swire Group
Effectively communicate the test results with technical and non-technical stakeholders to ensure understanding and proper follow-up, and track the remediation with operating companies
Drive and coordinate group Red Teaming exercises to evaluate the organisation's security defence capabilities, providing regular updates and detailed reports to on findings and improvement measures
Enable a risk-based environment, contribute to the Group risk management process, and promote a strong risk-aware culture through delivering digital risk awareness programmeand training for stakeholders
Develop and implement appropriate mitigating controls together with operating companies to address emereging digital risks, e.g. Web Application Firewall enablement
Define security requirements for digital applications, and coordinate security risk assessment for non-standard digital solutions e.g. vendor Saa S, and ensure security requirements are integrated into the development lifecycle of digital products
Create and maintain a risk register for digital assets and ensure all identified risks are mitigated. Establish digital risks reporting dashboard to highlight related risks to operating companies and senior management
Establish and maintain the Critical Digital Asset (Crown-Jewels) policies, standards, and processes, ensuring compliance with industry standards and best practices
Stay up-to-date on emerging security threats, vulnerabilities, and trends in digital and application security, implementing appropriate countermeasures and updating security controls to address new threats

To be successful in this role, you must have:
A Bachelor’s degree in Information Security Management, Computer Science and Technology, Network and Telecommunication, or Information Systems Management
A minimum of 5 years’ information security/cybersecurity working experience, with at least 3 years in digital security, vulnerability management and penetration testing
Professional certifications such as CISSP, OSCP, OSWE, GPEN, GWAPT are preferred
Hands-on expertise in digital and application security, with a particular focus on conducting comprehensive penetration tests and thorough vulnerability scanning to identify, assess, and mitigate security risks effectively
Well-versed in Red Teaming methodologies, approaches, and tools, demonstrating an in-depth understanding of adversarial simulation techniques to rigorously test and enhance the organization's security defense
Solid understanding of Attack Surface Management (ASM) platforms, with the ability to effectively utilize these tools to continuously identify, monitor, and mitigate potential vulnerabilities across the organization's digital footprint
Possess comprehensive knowledge of Web Application Firewalls (WAF), including their deployment, to effectively protect web applications from common threats and vulnerabilities
Proficient in Power BI for data visualization, analysis and dashboarding. Experience with Share Point development would be considered a valuable skill
Excellent verbal and written communication skills in English, Mandarin, and Cantonese

anagement process, and promote a strong risk-aware culture through delivering digital risk awareness programmeand training for stakeholders

Develop and implement appropriate mitigating controls together with operating companies to address emereging digital risks, e.g. Web Application Firewall enablement
Define security requirements for digital applications, and coordinate security risk assessment for non-standard digital solutions e.g. vendor Saa S, and ensure security requirements are integrated into the development lifecycle of digital products
Create and maintain a risk register for digital assets and ensure all identified risks are mitigated. Establish digital risks reporting dashboard to highlight related risks to operating companies and senior management
Establish and maintain the Critical Digital Asset (Crown-Jewels) policies, standards, and processes, ensuring compliance with industry standards and best practices
Stay up-to-date on emerging security threats, vulnerabilities, and trends in digital and application security, implementing appropriate countermeasures and updating security controls to address new threats

To be successful in this role, you must have:
A Bachelor’s degree in Information Security Management, Computer Science and Technology, Network and Telecommunication, or Information Systems Management
A minimum of 5 years’ information security/cybersecurity working experience, with at least 3 years in digital security, vulnerability management and penetration testing
Professional certifications such as CISSP, OSCP, OSWE, GPEN, GWAPT are preferred
Hands-on expertise in digital and application security, with a particular focus on conducting comprehensive penetration tests and thorough vulnerability scanning to identify, assess, and mitigate security risks effectively
Well-versed in Red Teaming methodologies, approaches, and tools, demonstrating an in-depth understanding of adversarial simulation techniques to rigorously test and enhance the organization's security defense
Solid understanding of Attack Surface Management (ASM) platforms, with the ability to effectively utilize these tools to continuously identify, monitor, and mitigate potential vulnerabilities across the organization's digital footprint
Possess comprehensive knowledge of Web Application Firewalls (WAF), including their deployment, to effectively protect web applications from common threats and vulnerabilities
Proficient in Power BI for data visualization, analysis and dashboarding. Experience with Share Point development would be considered a valuable skill
Excellent verbal and written communication skills in English, Putonghua, and Cantonese

Application:
At Swire, we are committed to creating an inclusive and supportive working environment for all our people regardless of their age, gender, gender identity, sexual orientation, relationship, family status, disability, race, ethnicity, nationality, religious or political beliefs. We believe in creating an environment where people feel comfortable at work and are able to realise their full potential.

We offer a competitive package to the right candidate. If you meet the qualifications and are interested in this position, you can send your application by clicking ‘Apply Now’. We will contact all shortlisted candidates.

The Swire group is an equal opportunity employer. All applications will be used exclusively for selection purposes and handled confidentially by authorised personnel only. Your application may also be considered for other suitable positions within the Swire group (please indicate clearly on your application if you would not like to be considered for other positions within the group.) Following the data privacy ordinance, all unsuccessful applications will be destroyed after an appropriate time.

Full-time,Permanent