
基层主管/组长
AI 估算 · 35k–55k
Senior Associate at Big Four consulting firm in Hong Kong; high demand for cyber risk skills; competitive pay.
This role is for a Senior Associate in Cyber & Tech Risk consulting at PwC Hong Kong. You will design and implement technology risk and information security frameworks, assess client systems, and lead teams to deliver pragmatic solutions. Ideal for professionals with IT audit, security, and governance experience.
University degree majoring in accounting, business administration, information systems, computer science, engineering, statistics, accounting, and / or business administration; Professional qualifications: CISA, CISM, CISSP, CEH, CISP or other security related qualifications; System design / implementation and / or security assessment / IT audit experience with a reputable professional / consulting firm or multi-national corporations; (Candidate with less years of experience will be considered for Senior Associate or Associate positions); Practical experience and working knowledge in two or more of the following - business & system processes review, IT auditing, information security management, IT / technology risk management, design and implementation of security solutions such as I&AM, DLP and SIEM, network and system penetration testing, application security testing and code review; Familiar with security and control for technologies / enterprise applications: Unix, Windows, Firewall, Routers, SAP, Oracle, Hyperion and/ or evaluating and implementing information security management, IT service management and IT governance framework using ISO27001, ISO20000, ITIL and COBIT respectively; Strong fluency in information technology general controls concepts in the areas of systems development, change management, computer operations and access to programs and data; ability to identify and assess business process controls and linkage to IT systems; Familiar with security and control for technologies: Unix, Windows, database, Firewall, Router, mobile technologies (e.g., IOS, Android), etc.; Excellent communication skills in both oral and written English and Chinese; Flexible, self-starter possessing intellectual curiosity; Ability to interact with executive levels of client and firm management; Effective project management, interpersonal and influencing skills are essential; and Flexibility to travel to out-of-town engagements.
Designing, assessing and implementing technology risk and information security management framework, policies, standards, procedures and solutions such as Enterprise-wide Identity & Access Management (I&AM), Data Loss Prevention (DLP) and Security Information & Event Management (SIEM) solutions, using ISO27001, ISO20000 and CoBIT as the internationally recognized information security and IT service management standards; Analyzing complex client server systems and multi-platform infrastructure and application systems (including operating system, database, web server, firewall and router, electronic trading / banking systems, etc.); Providing assurance over the operations and approach of management service providers in any outsourcing of the IT function; Establishing risk governance recommendations on emerging policies to support development of new procedures and methodologies to minimize risks; Conveying pragmatic solutions to our client's complex business problems through the use of written reports and presentations; and Supervising, coaching, developing and leading teams and individual team members.
优点
缺点 / 挑战
暂无明显挑战项
Big Four consulting role offering strong professional growth and competitive compensation but with limited work-life flexibility.
Competitive salary and benefits typical of Big Four firms; however, exact figures are not disclosed.
Strong focus on professional development through coaching, certifications, and exposure to cutting-edge cyber risk practices.
Predominantly on-site with travel required; no explicit WLB mentions, indicating potential for long hours.
Contributes to client security and resilience; industry growth in cyber risk is high, but specific mission-driven language is absent.