Job Description
Responsibilities
The InfoSec Analyst supports the firm's information-security, security operations, security platforms, data-protection and compliance activities. The role includes client questionnaires, security assessments, third-party risk evaluations, documentation reviews and coordination with internal teams. The position requires strong written and verbal communication skills in English and Chinese.
Incident Response and Operation Support
• Triage daily security alerts, tune existing detection rules, and design new ones.
• Assist in gathering information during security incidents, including documentation, timeline building, and coordination with IT teams.
• Support post-incident review documentation.
• Periodically update and enhance Incident Response procedures, playbooks, and workflows.
Risk Management & Controls Monitoring
• Support periodic risk assessments, vulnerability reports and remediation tracking.
• Assist with the review of configurations, logs or alerts as instructed.
• Help prepare management reporting dashboards and metrics.
• Maintain vulnerability management platform configurations and enhance scanning efficacy.
Client & Regulatory Assurance
• Complete and assist in reviewing client security questionnaires, RFP responses and due-diligence requests.
• Prepare documentation demonstrating the firm’s cybersecurity controls, certifications and compliance posture.
• Support responses to client audits, follow-up queries and evidence submission.
Third-Party & Vendor Risk
• Assist with third-party security assessments, including questionnaire reviews, evidence collection and preliminary risk scoring.
• Help maintain the third-party risk register and track remediation items with vendors.
Security Governance & Documentation
• Maintain and update security policies, standards and procedures under guidance from the InfoSec Manager.
• Assist with evidence collection for internal and external audits (e.g., ISO 27001, client-driven requirements).
Awareness & Training
• Develop awareness materials in English and Chinese, including emails, posters, microsite content and training briefings.
• Coordinate phishing-simulation campaigns and reporting.
• Follow up and coordinate focused training programs.
General Support
• Conduct research on emerging threats, regulatory changes (HK & PRC), and best practices.
• Perform administrative and InfoSec programme support tasks as required.
Qualifications
• Degree or Higher Diploma in Information Security, Computer Science, IT, Risk Management or a related discipline.
• Relevant certifications preferred: CISSP, SSCP, CISM, AZ-500, AZ-900 or GSEC/GCIH equivalents.
• Other certifications (not required, but advantageous):
• CompTIA Security+
• ISO 27001 internal auditor
• Minimum 3 years of hands-on experience in cybersecurity management.
• Experience within professional services or regulated industries (legal sector experience advantageous).
• Experience with zero-trust implementation, cloud-security programmes and Microsoft 365 security advantageous.
• Strong background in security domains including network, application, cloud, incident response and threat intelligence.
• Practical experience managing modern security tools (SIEM, SOAR, XDR, SASE, DLP).
• Proven ability to build stakeholder trust, manage change and lead improvement initiatives.
• Excellent written and verbal communication skills in English.
• Highly collaborative, able to work effectively across diverse teams and stakeholders.
• Strong judgement and discretion when handling sensitive information.
• Proactive, resilient and able to manage shifting priorities.
• Strong customer-service orientation and ability to anticipate business needs.
• Ability to mentor others and contribute to a culture of continuous improvement.
• Capable of influencing without direct authority, driving adoption of secure practices.
• Fluent written and spoken English.
• Fluency in written Chinese (traditional & simplified) is an advantage.
• Fluent spoken Cantonese and Mandarin.
• Strong attention to detail and accuracy—especially for client questionnaire and documentation work.
• Clear and professional writing skills.
• Good understanding of cybersecurity fundamentals.
• Ability to understand and follow procedures.
• Strong organisational skills and ability to manage multiple requests.
• Comfortable communicating with internal teams and external vendors.
• Familiarity with security frameworks (ISO 27001, NIST CSF, CIS Controls).
• Basic knowledge of Microsoft 365 security features.
• Experience with questionnaires (SIG, CAIQ, VSA).
• Understanding of data-protection requirements in HK/PRC.
Should you require any reasonable adjustments to be made for you during the recruitment process please do not hesitate to contact a member of the JSM recruitment team.