ITJS     Hot Jobs Full List   
www.infotech.com.hk 
      ITJS  
Job Key No 34401
Job Title/ Category Contract Systems Analyst - IT Security, CISA, CISSP, CISP (Bid Ref 54873-2)
Number Of Vacancy 1
Relevant Field Others
Nature Contract
Deadline 13 Aug 2025
Contract Period 01 Sep 2025 to 31 Aug 2026 (12 months)
Payroll under InfoTech
Employer Business Government T26 Contract
Location Base Mainly in Admiralty, Yau Ma Tei and Ho Man Tin
Work in Guangdong Province N/A
Monthly Salary Range HK$ N/A - N/A
Project Nature (T26) IT projects and on-going support for Security Bureau (SB), Auxiliary Medical Service (AMS) and Civil Aid Service (CAS) on IT security related matters.
Duties - Serve a contract assignment under InfoTech's headcount, full-time second to serve the SBU;
The appointed staff is required to work in the following areas:

1. Enhance, support and monitor suspicious events of IT security infrastructure including but not limited to end-point protection solution, end-point / network detection and response system (EDR/NDR), web application firewall (WAF), privileged account management system (PAM), centralised log management system, security information and event management system (SIEM), mobile device management system (MDM), web filtering system, patch management system, etc.;

2. Manage the security aspects of network infrastructure including network appliances and firewalls;

3. Manage security matters including configuration and hardening of servers and network appliances, recommend on application / program hardening;

4. Serve as security administrator in IT security organisations including the Information Security Steering Committee and IT Security Management Unit to provide updates on all IT security related matters;

5. Spell out, monitor and ensure necessary technical IT security controls are in place and functional throughout system development life-cycle and on-going system operations, in particular in the areas of access control, operations security, system acquisition / development / maintenance, business continuity, etc. Assist in user acceptance planning and execution in IT security perspectives. Ensure quality procedures, techniques and tools are used;

6. Review system development project deliverables, documentation and operating procedures, identify IT security shortfalls and recommend improvements;

7. Review and update the departmental IT security policies and guidelines according to the latest changes in Government-wide baseline or ad hoc circulars, and provide recommendations to plug the compliance gaps;

8. Coordinate application and infrastructure teams to produce and maintain IT security related system documentation including capacity management plan, up-to-date hardware and software list, configuration and network diagrams, etc.;

9. Monitor software end-of-support, produce migration plan, and ensure on-time completion of associated measures;

10. Identify new threats and known vulnerabilities, perform risk assessments to determine mitigation approach, update security risk register, ensure on-time completion of mitigation measures and reporting to supervisory bodies;

11. Conduct in-house IT security risk assessment and IT security awareness training, managing IT security risk assessment and audit (SRAA) exercises, privacy impact assessments (PIA), as well as compliance audit/check by external parties;

12. Provide first-line support for security incidents and coordinate disaster recovery drills and security incident drills;

13. Assist in procurement, setup, maintenance and support of IT equipment and services underpinning the security tools;

14. Provide technical advices to support latest IT security and business requirements;

15. Engage and collaborate with stakeholders to meet business objectives;

16. Carry out other technical and administrative duties assigned by the supervisor.

Remark: On-site or remote support out of office hours is required when necessary, which will be compensated by time-off in lieu.
Yrs of Total Post-Quali Exp 6.0
Yrs of Relevant Exp 3.0
Requirements The appointed staff should have:
1. Degree in computer subjects or related disciplines;
2. At least one of the industry-recognised IT security certifications (e.g. CISA, CISSP, CISP, etc.)
3. Hands-on experience in technical support for IT security infrastructure and network equipment (e.g. Cisco, H3C, Huawei, etc.);
4. Hands-on experience in IT security design, implementation and operations in application system development projects, preferably using the Government Cloud Infrastructure Services (GCIS);
5. Experience in the technology and security risks of cloud-native applications running in a virtualised and/or containerized environment;
6. Experience in compliance of government IT security policies and guidelines (e.g. S17, G3, SRAA, PIA), preferably for Tier 2 or Tier 3 systems;
7. Good command of written and spoken English and Chinese;
8. Good communication skills and customer service skills;
9. Independent, self-motivated and good sense of responsibility; and
10. Pleasant personality and good interpersonal skills.
The appointed staff will work mainly in Admiralty, Yau Ma Tei and Ho Man Tin, and may need to work in Wanchai, North Point, Kwun Tong, Cheung Sha Wan, Kowloon Bay and Sha Tau Kok when necessary.

Technical Skills:
. At least 4 years' experience in IT Security (ITS);
. At least 3 years' experience in Network & System Management (NSM);
. At least 3 years' experience in Anti-Virus Technology (AVT);
. At least 2 years' experience in Intruder Detection/Alert Technology (IDA);
. At least 2 years' experience in Security Risk Assessment and Audit (SAA);
. At least 2 years' experience in Security Incident Detection and Handling (SDH);
. At least 2 years' experience in IT Security Scanning Tools (SST);
. At least 1 year's experience in Endpoint Security Solutions (ESS);
. 1 year's experience in Anti-Spam Technology (AST) is an advantage;
. 1 year's experience in CISCO IOS Software & CISCO Products (CIP) is an advantage;
. 1 year's experience in Intrusion Prevention System (IPS) is an advantage;
. 1 year's experience in PC LAN Support (PLS) is an advantage.
Non-technical Skills:
. At least 2 years' experience in customer service (CLS);
. At least 2 years' experience in IT audit (ITA);
. At least 1 year's experience in managing corporate IT security framework (CSF);
. At least 1 year's experience in work with the Government (GOV);
. 1 year's experience in managing Government IT standards (ITG) is an advantage.
- Bachelor's degree/Higher Diploma in Computer Science, IT or equivalent;
- At least 6 years' post-qualification experience in which at least 3 years' relevant experience in a similar post and in a comparable capacity.
Last Update 30 Jul 2025
Apply To itcareer@infotech.com.hk
Direct Line 3978 8032


This is an online active job list, but not an exhausted list.  Top senior, sensitive, confidential and inactive jobs are not listed here. Please read the Disclaimer and Information Collection Statement.  Copyright 1990-2024. InfoTech Services (Hong Kong) Limited.  All rights reserved.