Consulting - Cyber Security and Privacy Protection - Senior Associate - Hong Kong
Hong Kong
EY
Published on www.ey.com
11 Apr 2025
Consulting – Cyber Security and Privacy Protection – Senior Consultant – Hong Kong
The opportunity
Cyber threats, social media, massive data storage, privacy requirements and continuity of business as usual require heavy information security and privacy protection measures. EY is a leading global service provider in this area, and we look forward to people with enthusiasm, knowledge and experience joining us. You will be working with leading-class talent in a collaborative environment.
Description of our work
As a consultant, you will, under the leadership of the project manager, carry out various consulting services in an orderly manner to ensure that the work is completed on time and with high quality.
Depending on the nature and scope of the different services, a consultant’s work could fall into the categories below (but is not limited to them):
Information security management and compliance:
Develop information security governance/management framework, policies, standards and procedures.
Establish information security management system such as ISO27001, including planning, implementation, assessment and audit.
Assess the compliance status based on regional applicable laws, regulations and industry standards.
Cyber-attack simulation and penetration testing:
Review the architecture and configurations of IT systems.
Carry out vulnerability scanning and penetration testing, and simulate real cyber-attack scenarios to actively discover potential security risks in applications and systems.
Provide recommendations for the optimization of cybersecurity protection measures based on the discovered
Cybersecurity defence and operations:
Monitor the cybersecurity situation in real time.
Respond to and deal with various security incidents in a timely manner to ensure the stable operation of the enterprise network infrastructure and information systems.
Continuously optimize the defence strategy, and improve the overall security protection capability.
Cybersecurity technologies planning:
Design cutting-edge security protection technical solutions (such as IAM, EDR, DLP, Zero Trust, etc.) based on security risk management requirements, leading enterprise security technology innovation and upgrading.
Aid in technical solution implementation project management.
Privacy protection management and compliance:
Responsible for the multi-country privacy protection compliance management of enterprises, with an in-depth understanding of the applicable laws and standards in the region.
Build and improve the data privacy management system (such as ISO27701), facilitate the compliance of enterprises in the whole lifecycle of data collection, storage, transfer, use and disposal, and safeguard the privacy rights and interests of users.
Assist the enterprise in conducting privacy compliance assessments such as PIA and CBDT.
Work experience requirements
We expect candidates to have work experience in one or more of the following relevant areas:
Engaged in enterprise information security governance/management, familiar with regional applicable laws and standards, understand relevant solutions, and familiar with the planning, implementation, evaluation and audit methods of information security management system (such as ISO 27001).
Have experience in multi-country privacy protection compliance management, understand regional privacy protection laws and standards, be able to skilfully use relevant tools, and understand how to build and operate data privacy management systems (such as ISO 27701).
Engaged in enterprise security technology testing, attack defence and operation, with practical experience, can effectively cope with various cybersecurity challenges.
Participated in enterprise security technology solution planning, implementation and operation, with deep understanding and practical experience of common security technology solution packages (such as IAM, EDR, DLP, zero trust, etc.).
We also warmly welcome ambitious people who are eager to develop in the professional areas of cybersecurity and privacy protection, even if they have no direct prior experience in these areas. The potential candidate should have one or more of the following experiences in information technology management:
Server and network management, familiar with network architecture and server operation management.
Cloud computing management, understand the security features and management methods of cloud computing platforms.
Database management, understand database security protection and data management technology.
Application development, with security coding awareness and application security vulnerability prevention capabilities.
AI application, can apply AI technology to the field of security and improve the level of intelligent security protection.
OT/IoT application, familiar with security challenges and coping strategies in industrial Internet and Internet of Things environments.
Data governance, understand data classification, grading and data security management.
Knowledge and skill requirements
Basic knowledge reserve: Regardless of past experience, candidates should have solid basic knowledge of information security and privacy protection, and have a clear understanding of relevant concepts, technologies and solutions.
Learning and enthusiasm: Have a high degree of enthusiasm for learning, always maintain a keen insight into new knowledge and new technology, and actively improve their professionalism.
Communication and collaboration skills: Have good customer communication skills, be able to work effectively with team members from different backgrounds, be brave in taking responsibility, be willing to share work pressure for colleagues, and jointly overcome difficulties.
Work attitude and delivery ability: Adhere to the attitude of diligent work, deliver work tasks with high quality in strict accordance with time nodes, and ensure the accuracy and efficiency of work.
Language skills: Excellent written Chinese and English skills, fluent oral English, Cantonese and/or Mandarin.
Related qualifications: Ideally, the candidate should have one or more industry certifications such as CISSP, CISA, CISM, CCSP, OSCP, CEH, CIPM, CIPP/E or equivalent.
What will EY offer
Broad development platform: stay at the forefront of the industry, participate in various large-scale projects, accumulate rich practical experience, and help individuals get promoted rapidly.
Professional training and growth: Provide regular professional training courses, invite industry experts to share cutting-edge technology and practical experience, support employees to obtain relevant professional certifications, and continuously empower employees for career development.
Favorable welfare benefits: competitive salary benefits, perfect five insurances and one fund, paid annual leave, holiday benefits, etc., pay attention to the balance between life and work of employees.
Harmonious team atmosphere: open and inclusive corporate culture, positive team atmosphere, encouraging innovation and sharing, making work a pleasure.