Senior Manager - IT Security and Governance

We are working with a leading Hong Kong organization seeking a seasoned IT governance and cybersecurity leader to oversee the protection of mission‑critical systems and drive enterprise‑wide security maturity. This is a strategic role responsible for shaping governance frameworks, strengthening security controls, and ensuring the resilience of large‑scale technology operations.

• Leading assessments of the organisation's overall security posture, ensuring alignment with regulatory expectations and established best‑practice frameworks.
• Developing and enhancing governance models, policies, and control measures to reinforce IT security across critical and public‑facing platforms.
• Serving as a primary liaison with government and regulatory bodies on matters related to cybersecurity, critical infrastructure protection, and incident coordination.
• Building and maintaining a practical incident response framework, ensuring the organisation can manage, contain, and recover from cybersecurity events effectively.
• Providing ongoing visibility to senior IT leadership on risks, emerging threats, and incident trends.
• Engaging with internal stakeholders to align expectations, ensure transparency, and strengthen cross‑departmental collaboration.
• Overseeing third‑party risk processes, ensuring vendors and service partners adhere to security requirements and organisational standards.
• Driving cybersecurity awareness initiatives, training programmes, and best‑practice adoption across the enterprise.
• Supporting additional governance‑related assignments and ad‑hoc initiatives as required.

• A Bachelor's Degree in Information Technology, Cybersecurity, or a related field (Master's degree advantageous but not mandatory).
• At least 10 years of broad IT experience, with 5+ years focused on security governance, risk management, audit, or similar leadership roles.
• Professional certifications such as CISSP, CISM, CISA, or equivalent credentials.
• Solid understanding of security frameworks and standards (e.g., NIST, ISO 27001) and hands‑on exposure to enterprise risk and audit processes.
• Strong awareness of cybersecurity legislation, regulatory obligations, and industry practices relevant to Hong Kong.
• A proven ability to lead teams, influence senior stakeholders, and drive organisation‑wide initiatives.
• Excellent communication skills in both English and Cantonese is a must, with the capability to translate technical issues into clear, actionable information for non‑technical audiences