Founded in 1901 as China Light and Power Company Limited in Hong Kong, CLP Group has grown from a Hong Kong-based power utility into a leading investor and operator in the Asia Pacific Region’s electricity market. Outside Hong Kong, CLP invests in the energy sector in Mainland China, India, Southeast Asia, Taiwan and Australia. Our business includes power generation, transmission and distribution, and electricity and gas retail activities. CLP Holdings Limited, a company listed on the Stock Exchange of Hong Kong, is the holding company for the CLP Group.
We are looking for a high caliber professional to join Digital Group of CLP Power Hong Kong Limited.
Responsibility:
Serve as the key point of contact for operational incident response and participate in the Cyber Security on-call roster, ensuring availability for 24/7 emergency response. Oversee escalation, engage key stakeholders, and ensure all actions are logged in the Incident/Case Management system so that attacks are validated and threats are contained or remediated appropriately and in a timely manner.
Collaborate with key stakeholders to close out security events by identifying the root cause and determining whether the event warrants investigation, escalation, or immediate declaration as a security incident.
Provide expert arbitration when events are escalated and ensure accountability for the delivery of this critical task.
Direct operational-level threat hunting within CLP networks, leveraging both in-house and outsourced capabilities to ensure outsourced providers deliver on contractual commitments effectively while developing in-house threat hunting capabilities.
Analyze the Tactics, Techniques, and Procedures (TTPs) of threat actors in collaboration with the Cyber Intelligence Team to ensure intelligence indicators are actively monitored during business-as-usual operations and incident response.
Identify lessons learned following security incidents and communicate findings effectively to key stakeholders.
Manage a small team of Incident Response specialists, focusing on their training and professional development.
Manage the complete technical vulnerability management cycle, including scanning, prioritization, remediation tracking, handling false positives, and reporting, to ensure vulnerability intelligence feeds into the incident management process.
Partner with Digital Operations, business units, and external parties (e.g., security service providers, law enforcement) to coordinate smooth incident management efforts.
Provide ownership of forensic and incident response casework, maintaining case information, chain of custody reporting, and full documentation from identification to remediation.
Maintain cyber security incident records and deliver regular reports and technical presentations to senior leadership.
Develop, maintain, and enhance cyber incident response standards, plans, playbooks, guidelines, and procedures to ensure readiness for diverse cyber incidents.
Requirements:
A recognized university degree in Computer Science, Information Technology, or equivalent.
Relevant certifications such as Certified Information Systems Security Professional (CISSP), Computer Hacking Forensic Investigator (C|HFI), Certified Incident Handler (ECIH), GIAC Certified Incident Handler (GCIH), or GIAC Certified Forensic Analyst (GCFA) or equivalent.
At least 8 years’ experience working in cyber security functions with at least 5 years’ experience in cyber incident investigation and response.
Proven experience in leading a team focused on incident response, threat hunting, digital forensics and malware investigation.
Strong leadership experience in a fast-paced, complex IT environment, with the ability to lead, influence and collaborate with team members.
Proficiency in utilising security event detection, analysis and response technologies, including Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), Threat Intelligence Platforms (TIP), Data Loss Prevention (DLP), Vulnerability Management, Operational Technology (OT) Security, Cloud Security Services and others.
Comprehensive understanding of the cyber threat landscape and emerging threats.
Excellent analytical reasoning skills to investigate, analyze and draw appropriate conclusions, with the ability to think like an attacker.
Strong written and verbal communication skills, including the ability to gather and critically evaluate information and prepare written documents that clearly and concisely describe the investigation findings and responses.
Able to work outside of regular office hours to respond to emerging critical threats and incidents.
Proven organizational, collaboration and interpersonal skills to work effectively with cross-functional teams.
Strong business acumen and vendor management experience.
Knowledge of OT technologies will be a significant advantage.
Good command of spoken and written English and Mandarin.