Senior Technology Risk Manager – Digital Development Center

Senior Technology Risk Manager – Digital Development Center

Siemens Mobility Limited

If you really want to make a difference – make it with us

Siemens Mobility is the world’s leading provider of mobility solutions that enable the efficient, safe, and environmentally friendly transport of people and goods – improving the quality of everyday life for millions of people in Hong Kong. Driven by innovation, we develop intelligent solutions that support the increasing digitalization of the transport sector. Our offerings range from rail vehicles and rail automation to road traffic management systems and rail electrification. Our data-driven services provide customers with unique value, setting us apart in the industry.

As the demand for robust cybersecurity grows in this digital age, we are committed to safeguarding our critical infrastructure and ensuring full compliance with the latest cybersecurity standards. We are looking for a highly skilled and proactive Senior Technical Manager to lead our cybersecurity initiatives and help us navigate the rapidly changing digital landscape. Join us and build your career at one of the world’s most renowned companies. Welcome to visit: https://www.mobility.siemens.com/hk/en.html

Your new role - challenging and future-oriented

This incumbent will be act as Senior Technology Risk Manager in Hong Kong, being the subject matter expert in IoT cybersecurity

• Review and design cybersecurity solutions, provide subject advisory and technical expertise to help clients determine cybersecurity requirements, comply with cybersecurity standards and conduct cybersecurity assessment
• Provide cybersecurity advice such as the secure design of processes and system architectures to technical/business colleagues and increase awareness on security threats
• Lead the Cybersecurity technical/business projects workstream to ensure secure services and business processes right from the start
• Drive the assessment of cybersecurity vulnerabilities, mitigation of findings and implementation of cybersecurity controls for IoT applications and the underlying IT infrastructure
• Collaborate with other Cybersecurity units, service providers to build up your network in the Cybersecurity ecosystem and to ensure continuous Cybersecurity improvement
• Accompany and guide sales, presales, operations, business managers in client discussion
• Contribute to Risk Management processes to give management a clear picture of relevant Cybersecurity risks
• Relate Information Security goals, objectives and needs of the business environment to ensure a holistic protection of the most critical assets of the business
• Detect deviations from protection requirements and support the identification and implementation of compensating measures
• Facilitate internal or external Cybersecurity assessment and audit, Threat / Risk Analysis (TRA) and crisis management activities
• Drive the process of cybersecurity monitoring and liaise with customer on Incident Response and Handling

Your skills and experience

Individuals who meet the following requirements or possess the equivalent combination of competence and experience are invited to apply:

• Degree in Computer Science/Engineering or Business Information Technology
• At least 10 years of experience in similar roles with additional experience in the Cybersecurity, IT / or technology related fields preferred
• CISSP and CEH certifications are required
• IEC 62443, ISO 27001 related certifications preferred
• CISA, CISM, or other related professional qualifications preferred
• Experience in variety of IT / OT Security Frameworks (e.g. IEC 62443-3-3, ISO 27001)
• Experience in design and implementation of pragmatic protection measures in Cloud (i.e., AWS, Azure) and SaaS environments
• Experience in penetration test, Cybersecurity assessment and audit is an advantage
• Experience / Knowledge in Railway related projects is an advantage
• Solid knowledge about current threats to IT applications/services and infrastructures and are familiar with state-of-the-art protection measures
• Deep knowledge of enterprise information technology concepts and digitalization use cases
• Awareness of technology megatrends such as cloud computing and other disruptive technologies
• Ability to translate technical concepts into business-friendly terminology (verbally and written)
• Strong team player and collaborator with robust interpersonal skills
• Strong analytical skills to identify, assess and mitigate security vulnerabilities
• Experience working with various stakeholders, e.g., communication of technical topics to C-suite audiences
• Practical experience in Enterprise Risk Management (ERM)
• Proficient in written and spoken English and Mandarin
• Candidates with less experience might be considered as Technology Risk Manager

Business and Collaborative Skills

• Ability to learn / dive into the technology trends and implement them into existing solutions
• Ability to work well in a team environment
• Ability to handle multi-tasking situations with the ability to arrange works according to priorities and schedule autonomously
• Proactive, self-directed, motivated and desire to innovate in a challenging corporate environment
• A solid track record of working as a Technical Manager with focus on IoT and cloud technology
• Several years of practical experience in cloud computing solutions, cloud security concepts and cloud operations concepts in a Business to Business and Business to Authority environment

How to Apply:

We are an equal opportunity employer and welcome applications from all qualified candidates. Attractive remuneration package and excellent career prospects will be offered to the right candidate. Interested persons, please send your full resume with expected salary in your application by clicking “Apply Now”.

Applicants not hearing from us within 4 weeks from the date of advertisement may consider their applications filed for future reference. We reserve the right to review applications received for suitability for other posts within the company. Personal data provided by job applicants will be used strictly for recruitment related purpose only. We shall retain the personal data of unsuccessful applicants for a period of 2 years.