Senior Manager IT Security and Governance

Senior Manager IT Security and Governance

We are seeking a seasoned IT governance and cybersecurity leader to oversee the protection of mission-critical systems and drive enterprise-wide security maturity for a leading Hong Kong organization. This is a strategic role responsible for shaping governance frameworks, strengthening security controls, and ensuring the resilience of large-scale technology operations.

Responsibilities of the Role

• Leading assessments of the organization's overall security posture, ensuring alignment with regulatory expectations and established best-practice frameworks.
• Developing and enhancing governance models, policies, and control measures to reinforce IT security across critical and public-facing platforms.
• Serving as a primary liaison with government and regulatory bodies on matters related to cybersecurity, critical infrastructure protection, and incident coordination.
• Building and maintaining a practical incident response framework, ensuring the organization can manage, contain, and recover from cybersecurity events effectively.
• Providing ongoing visibility to senior IT leadership on risks, emerging threats, and incident trends.
• Engaging with internal stakeholders to align expectations, ensure transparency, and strengthen cross-departmental collaboration.
• Overseeing third-party risk processes, ensuring vendors and service partners adhere to security requirements and organizational standards.
• Driving cybersecurity awareness initiatives, training programs, and best-practice adoption across the enterprise.
• Supporting additional governance-related assignments and ad-hoc initiatives as required.

Required Skills for the Role

• A Bachelor's Degree in Information Technology, Cybersecurity, or a related field (Master's degree advantageous but not mandatory).
• At least 10 years of broad IT experience, with 5+ years focused on security governance, risk management, audit, or similar leadership roles.
• Professional certifications such as CISSP, CISM, CISA, or equivalent credentials.
• Solid understanding of security frameworks and standards (e.g., NIST, ISO 27001) and hands-on exposure to enterprise risk and audit processes.
• Strong awareness of cybersecurity legislation, regulatory obligations, and industry practices relevant to Hong Kong.
• A proven ability to lead teams, influence senior stakeholders, and drive organization-wide initiatives.
• Excellent communication skills in both English and Cantonese is a must, with the capability to translate technical issues into clear, actionable information for non-technical audiences.

Key skills/competency

• IT Security Governance
• Cybersecurity Leadership
• Risk Management
• Incident Response
• Regulatory Compliance
• Information Security Policies
• Third-Party Risk Management
• Security Awareness Training
• NIST
• ISO 27001