Group Information Security Officer
Sample job description

  • Define based on and in liaison with CK Hutchison policies the Hutchison Ports information security vision and strategy
  • Develop, maintain and implement security policies, procedures, architecture and services based on the Hutchison Ports information security vision and strategy, the latest regulatory compliance and technologies (such as Cloud)
  • As Group Information Security Custodian (GISC) ensure confidentiality, integrity and availability of information of the group is maintained
  • Control budgets and activities for information security operations and monitor expenses
  • Manage security measures for the Hutchison Ports Group and increase the overall process maturity (ISO 27001/2), awareness and the overall information security culture
  • Train and supervise individual Terminal (Business Unit) Information Security Custodian (ISC)
  • Follow up on CK Hutchison audit results and conduct regular information security audits within the group and terminals
  • Respond to major information security incidents and breaches
  • Report on information security incidents and breaches
  • Create reports for management on security status
  • Analyse data to form proposals for improvements
Level of Responsibility:
  • SFIA Level 6 “Initiate, Influence”


  • Has defined authority and responsibility for actions and decisions within a significant area of work, including technical, financial and quality aspects. Establishes organisational objectives and assigns responsibilities.


  • Influences policy and strategy formation. Initiates influential relationships with internal and external customers, suppliers and partners at senior management level. Makes decisions which impact the work of employing organisations, achievement of organisational objectives and financial performance.


  • Has a broad business understanding and deep understanding of own specialism. Performs highly complex work activities covering technical, financial and quality aspects. Contributes to the implementation of policy and strategy.  Creatively applies a wide range of technical and/or management principles.

Business Skills

  • Absorbs complex information and communicates effectively at all levels to both technical and non-technical audiences. Manages and mitigates risk. Understand the implications of new technologies. Demonstrates clear leadership. Understands and communicates industry developments, and the role and impact of technology in the employing organisation. Promotes compliance with relevant legislation. Takes the initiatives to keep both own and colleagues’ skills up to date.
  • Information Security SCTY
  • IT Governance GOVN
  • Information Assurance (INAS)
  • Consultancy CNSL
  • Technical Specialism (TECH)
  • Security Administration (SCAD)
  • Relationship Management (RLMT)
  • Performance Management (PEMT)
  • Project Management (PRMG)
Desired expertise and qualifications:
  • SFIA level 6 demonstrated in appropriate skill category
  • Degree holder or Post-Graduate qualification in IT-related disciplines
  • Minimum 12 years of relevant IT experience with responsibilities managing a team
  • Knowledge and understanding of latest security tools, applications and practices, as well as current legal legislations and industry standards relevant to the role, such as data privacy requirements
  • Relevant professional certifications (such as CISSP, CISA, CISM, CBCP, Ethnical Hacking)
Salary range: $100,000 – $110,000 hkd per month