Job Vacancy with CGCC – Executive of IT Security Assurance

Key responsibilities

Security Policy and Strategy:

  • Review and enhance the company’s IT security policy, standards, and processes to align with international security frameworks, best practices, and evolving regulations.
  • Collaborate in the implementation of robust security standards and policies across the company.

Security Assessments and Testing:

  • Conduct vulnerability assessments, penetration testing (including web application and network penetration testing), and security audits to identify and mitigate potential security risks.
  • Evaluate existing security controls and identify areas of non-compliance or vulnerability, recommending and implementing corrective actions.
  • Stay informed of the latest cyber threats and vulnerabilities, proactively adapting security measures.

Security Operations and Incident Response:

  • Provide independent oversight on security operations, including patch management, vulnerability management, and configuration management.
  • Manage and monitor security logs, analyze security incidents, and implement appropriate response procedures.
  • Collaborate with internal teams to investigate and remediate security incidents, ensuring timely containment and recovery.

Compliance and Training:

  • Assist in ensuring regulatory compliance and adherence to information security-related laws, rules, and regulations.
  • Prepare for and participate in internal and external audits, ensuring adherence to information security regulations and compliance requirements.
  • Develop and deliver security awareness training programs for employees to educate them on cybersecurity best practices and potential threats.

Communication and Collaboration:

  • Communicate effectively with internal and external stakeholders, including senior management, to provide clear and concise security reports and recommendations.
  • Foster collaboration across departments to promote a culture of security awareness and shared responsibility.
  • Other security, infrastructure and application administration tasks as assigned by the line manager.


Qualification Requirements


  • Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field.
  • Minimum of 1 year of experience in information security, with a proven track record of success in conducting security assessments and implementing security controls.
  • Experience with penetration testing methodologies, including web application and network penetration testing (certifications preferred).
  • Certifications in penetration testing (e.g., OSCP, CEH) and relevant security frameworks (e.g., CISSP, CISA, ISO 27001) are highly desirable.
  • In-depth understanding of information security best practices, threats, vulnerabilities, and risk management principles.
  • Strong analytical and problem-solving skills.
  • Excellent communication and interpersonal skills, with the ability to present complex technical information to both technical and non-technical audiences.

Interested candidates are invited to submit their CV and cover letter to [email protected] (Deadline: April 1, 2024). We regret that only short-listed candidates will be contacted.