
Assistant Manager, IT
Airport Authority Hong Kong · Hong Kong, Hong Kong SAR
- On site
- Full-time
- HK$450,000 / year
Job highlights
- Manage IT security risk for critical infrastructure.
- Ensure compliance with CI Ordinance and PII.
- Lead security assessments and risk mitigation.
- Conduct IT security audits and vulnerability management.
- Develop and deliver security awareness training.
About the role
About Airport Authority Hong Kong
Airport Authority Hong Kong (AA) manages and operates Hong Kong International Airport, one of the finest and busiest airports in the world. We now invite high calibre talent with creativity and passion to join us for a rewarding and meaningful career journey. We care for our people and provide colleagues with a fair, open and supportive workplace. By joining us, you will contribute to the continued success and growth of a key infrastructure and economic engine of Hong Kong, gaining invaluable experiences in a unique environment and enjoying boundless opportunities to unleash your full potential. Together we will share the pride of our leadership status in the global aviation industry and our commitment to sustainability.
Job Description
- Support risk management for all IT systems to ensure compliance with the Critical Infrastructure (CI) Ordinance, industry best practices and Personally Identifiable Information (PII) requirements for the identified Critical Computer Systems (CCS), and prepare reports for top management approval as mandated by the CI Ordinance.
- Lead risk-based assessments and manage the framework and process so that each security assessment (a) conforms to established policies and guidelines and (b) identifies security risk exposure with recommendations for risk mitigation.
- Maintain an up-to-date Risk Register of identified potential information technology and security risks, in accordance with the Critical Infrastructure (CI) Ordinance.
- Prepare and support IT security audit exercises with internal and external parties to fulfill the regulatory requirements of Security Audit (SA).
- Perform compliance audits and security risk assessments of IT systems. Also manage security test exercises, including reviewing the test results, the procurement process and vendor management.
- Provide technical advice on security requirements and recommend security measures.
- Manage security-related projects, including solution design, tender preparation, vendor management and project implementation, in collaboration with various stakeholders.
- Assist decision making and define security requirements for deploying security technologies.
- Contribute to various security projects, with the ability to review and assess security solution architecture designs.
- Manage and monitor vulnerability management, and coordinate patch management activities with different IT teams for fixing or migration, to protect the systems and maintain their performance and availability.
- Apply timely patching to mitigate weak links and exposed risks and to protect the Authority from cyber threats.
- Support the vulnerability management and scanning cycle of the IT systems, especially the identified Critical Computer Systems (CCS).
- Assist in defining the procedures and frameworks for Security Assessment and manage Threats and Vulnerabilities Management, including vulnerability scanning, risk analysis, prioritization and mitigation planning, to fulfill the regulatory requirements of Security Risk Assessment (SRA).
- Maintain and support security awareness initiatives by developing and delivering comprehensive training programs, workshops and cybersecurity drills.
- Promote and provide cybersecurity education and training to a diverse range of IT users and staff, share best practices and enhance their awareness of emerging threats and attack vectors.
Key skills/competency
- IT Security Risk Management
- Critical Infrastructure Ordinance Compliance
- Personally Identifiable Information (PII) Protection
- Security Assessment Frameworks
- Risk Register Maintenance
- IT Security Audits (SA)
- Compliance Audits
- Security Risk Assessments (SRA)
- Vulnerability Management
- Security Awareness Training
Skills & topics
- IT Security
- Risk Management
- Cybersecurity
- Compliance
- Critical Infrastructure
- Vulnerability Management
- IT Audit
- Information Security
- Airport Operations
- Hong Kong
How to get hired
- Tailor your resume: Highlight your IT security risk management and compliance experience, especially with Critical Infrastructure (CI) Ordinance and PII. Quantify achievements where possible.
- Showcase relevant certifications: Emphasize any professional certifications like CISA, CISM, CISSP, CRISC, or ISO27001 Lead Auditor.
- Demonstrate technical skills: Detail your experience with security assessment tools (Nessus, Tenable), SIEM, EDR, and network security concepts. Mention specific OS and cloud platforms.
- Emphasize industry experience: If you have experience in aviation or critical infrastructure sectors, make this prominent in your application.
- Prepare for behavioral questions: Be ready to discuss how you handle risk, manage projects, and collaborate with stakeholders.
Technical preparation
- Master IT risk assessment frameworks.
- Practice with security assessment tools.
- Understand CI Ordinance and PII regulations.
- Review network security and cloud concepts.
Behavioral questions
- Describe a complex security risk you managed.
- How do you ensure compliance with regulations?
- Explain your approach to vendor management.
- How do you handle cybersecurity awareness training?
Frequently asked questions
- What are the key IT security responsibilities for the Assistant Manager role at Airport Authority Hong Kong?
- The Assistant Manager, IT Security and Risk Management at Airport Authority Hong Kong will be responsible for supporting risk management for all IT systems, ensuring compliance with the Critical Infrastructure (CI) Ordinance, PII requirements, and industry best practices. This includes leading risk-based assessments, maintaining the risk register, supporting IT security audits, performing compliance audits, managing vulnerability and patch management, and developing security awareness initiatives.
- What specific IT security certifications are beneficial for this Assistant Manager position?
- While not strictly mandatory, professional certifications in Information Security, Cybersecurity, or Risk Management are highly advantageous. Examples include Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), and ISO27001 Lead Auditor. Highlighting these on your resume can significantly strengthen your application for the Assistant Manager, IT Security and Risk Management role.
- Does Airport Authority Hong Kong prefer candidates with experience in specific security tools for the Assistant Manager role?
- Yes, Airport Authority Hong Kong prefers candidates with hands-on experience in managing security solutions and tools. This includes familiarity with assessment and scanning tools like Nessus, Kyle, Tenable, SonarQube, SIEM, and EDR. Experience with security technologies such as DLP and PAM is also valued for this Assistant Manager position.
- What kind of IT environment can I expect working as an Assistant Manager at Airport Authority Hong Kong?
- You can expect to work in a large-scale IT environment managing Hong Kong International Airport. This involves dealing with critical infrastructure, ensuring compliance with stringent regulations like the CI Ordinance, and managing a wide range of IT systems, including operating systems (Windows, Redhat Linux), common IT products (MS Exchange, Active Directory), cloud platforms (Azure, AWS), and modern technologies like GenAI and AI agents. Collaboration with various IT teams and stakeholders is a key aspect of this role.
- Is experience in the aviation industry required for the IT Assistant Manager role?
- While not strictly required, proven experience in the security team of companies within the aviation industry, critical infrastructure companies, or comparable organizations is considered an advantage for the Assistant Manager, IT Security and Risk Management position. This experience demonstrates a strong understanding of the unique security challenges in such environments.