- Hong Kong Hong Kong
Master Concept (Hong Kong) Limited Hiring! Full Time IT Infrastructure - Security Lead in Hong Kong - Ricebowl
IT Infrastructure - Security Lead
Master Concept (Hong Kong) Limited
Share
Save
Working Location
Job Description
Responsibilities
About the Role
We are seeking a highly experienced and strategic Infrastructure & Security Lead to spearhead the identity, infrastructure, and security separation for our new SCE entity. In this pivotal role, you will be responsible for ensuring seamless business continuity, robust security posture, strict privacy, and regulatory compliance throughout the entire migration and cutover lifecycle. You will act as the primary technical authority for safeguarding our data and infrastructure during this critical transition.
Key Responsibilities
Identity & Access Management: Design, execute, and implement comprehensive identity separation strategies, including Entra ID/Active Directory tenant setup, complex domain and workload migrations, MFA/Conditional Access, Privileged Identity Management (PIM), and secure service account transitions.
Access Governance: Define and rigorously enforce access governance frameworks, including Role-Based Access Control (RBAC), Joiner-Mover-Leaver (JML) processes, approval workflows, audit trails, and mandatory periodic access reviews.
Data Protection & Compliance: Implement and oversee robust data protection controls such as data classification and labeling, encryption protocols, Data Loss Prevention (DLP), secure file transfer mechanisms, and retention/eDiscovery policies.
Network & Perimeter Security: Architect and oversee secure connectivity and perimeter controls, managing network segmentation, enterprise firewalls, VPN/SASE architectures, DNS/DHCP configurations, and secure internet breakouts.
Risk & Vulnerability Management: Coordinate comprehensive security assessments, penetration testing, and third-party vendor risk reviews. Proactively manage security risks by developing and executing targeted remediation plans.
Incident Response & Readiness: Establish robust incident response readiness for all cutover events and early life support phases. Lead the integration of logging, monitoring, and SIEM solutions to ensure rapid threat detection and response.
Compliance Alignment: Ensure all infrastructure and security initiatives align seamlessly with institutional security policies, ultimately producing formal compliance sign-offs for Day-1 readiness.
Must-Have Spin-Off Experience
Proven track record of successfully leading at least two (2) end-to-end identity, infrastructure, and security separations (e.g., Microsoft 365 tenant splits, Active Directory domain separations, corporate network carve-outs).
Demonstrated cutover success with a flawless record of zero unauthorized access incidents or data leakages during migration events.
Qualifications & General Experience Requirements
10+ years of extensive experience across IT infrastructure and cybersecurity domains.
5+ years of hands-on experience designing, building, and operating Microsoft 365, Entra ID, and Active Directory environments at an enterprise scale.
Deep, hands-on expertise in M365 tenant builds and complex tenant-to-tenant migrations involving Exchange Online, SharePoint, OneDrive, and Teams.
Strong technical proficiency in Conditional Access, PIM, and Intune/MDM deployments.
Robust network and security engineering background, specifically with enterprise-grade firewalls (e.g., Fortinet, Cisco, Palo Alto), VPN/SASE, network segmentation, DNS/DHCP, and enterprise Wi-Fi.
Solid working knowledge of data privacy regulations (specifically PDPO) and information security standards (such as ISO 27001).
Demonstrated experience in facilitating, managing, and responding to IT security audits and penetration tests.
Exceptional cross-workstream coordination, communication, and project risk management skills.
Preferred Skills & Certifications
Industry-recognized information security certifications: CISSP and/or CISM.
Microsoft specific security certifications: SC-100, SC-300, AZ-500, MS-102.
Network security and engineering certifications: CCNP, NSE, or equivalent.
Practical exposure to Microsoft's broader security and compliance toolsets (e.g., Microsoft Purview, Advanced eDiscovery, DLP).
Experience implementing or managing SIEM/SOAR platforms, preferably Microsoft Sentinel.
Key Deliverables Expected
Comprehensive IAM and Tenant Architecture Blueprints.
Detailed Security Control Checklists.
End-to-End Migration Security and Cutover Plans.
Access Review Packs.
Network and Connectivity Designs.
Formal Compliance Sign-offs and Day-1 Readiness Reports.
Full-time
We are seeking a highly experienced and strategic Infrastructure & Security Lead to spearhead the identity, infrastructure, and security separation for our new SCE entity. In this pivotal role, you will be responsible for ensuring seamless business continuity, robust security posture, strict privacy, and regulatory compliance throughout the entire migration and cutover lifecycle. You will act as the primary technical authority for safeguarding our data and infrastructure during this critical transition.
Key Responsibilities
Identity & Access Management: Design, execute, and implement comprehensive identity separation strategies, including Entra ID/Active Directory tenant setup, complex domain and workload migrations, MFA/Conditional Access, Privileged Identity Management (PIM), and secure service account transitions.
Access Governance: Define and rigorously enforce access governance frameworks, including Role-Based Access Control (RBAC), Joiner-Mover-Leaver (JML) processes, approval workflows, audit trails, and mandatory periodic access reviews.
Data Protection & Compliance: Implement and oversee robust data protection controls such as data classification and labeling, encryption protocols, Data Loss Prevention (DLP), secure file transfer mechanisms, and retention/eDiscovery policies.
Network & Perimeter Security: Architect and oversee secure connectivity and perimeter controls, managing network segmentation, enterprise firewalls, VPN/SASE architectures, DNS/DHCP configurations, and secure internet breakouts.
Risk & Vulnerability Management: Coordinate comprehensive security assessments, penetration testing, and third-party vendor risk reviews. Proactively manage security risks by developing and executing targeted remediation plans.
Incident Response & Readiness: Establish robust incident response readiness for all cutover events and early life support phases. Lead the integration of logging, monitoring, and SIEM solutions to ensure rapid threat detection and response.
Compliance Alignment: Ensure all infrastructure and security initiatives align seamlessly with institutional security policies, ultimately producing formal compliance sign-offs for Day-1 readiness.
Must-Have Spin-Off Experience
Proven track record of successfully leading at least two (2) end-to-end identity, infrastructure, and security separations (e.g., Microsoft 365 tenant splits, Active Directory domain separations, corporate network carve-outs).
Demonstrated cutover success with a flawless record of zero unauthorized access incidents or data leakages during migration events.
Qualifications & General Experience Requirements
10+ years of extensive experience across IT infrastructure and cybersecurity domains.
5+ years of hands-on experience designing, building, and operating Microsoft 365, Entra ID, and Active Directory environments at an enterprise scale.
Deep, hands-on expertise in M365 tenant builds and complex tenant-to-tenant migrations involving Exchange Online, SharePoint, OneDrive, and Teams.
Strong technical proficiency in Conditional Access, PIM, and Intune/MDM deployments.
Robust network and security engineering background, specifically with enterprise-grade firewalls (e.g., Fortinet, Cisco, Palo Alto), VPN/SASE, network segmentation, DNS/DHCP, and enterprise Wi-Fi.
Solid working knowledge of data privacy regulations (specifically PDPO) and information security standards (such as ISO 27001).
Demonstrated experience in facilitating, managing, and responding to IT security audits and penetration tests.
Exceptional cross-workstream coordination, communication, and project risk management skills.
Preferred Skills & Certifications
Industry-recognized information security certifications: CISSP and/or CISM.
Microsoft specific security certifications: SC-100, SC-300, AZ-500, MS-102.
Network security and engineering certifications: CCNP, NSE, or equivalent.
Practical exposure to Microsoft's broader security and compliance toolsets (e.g., Microsoft Purview, Advanced eDiscovery, DLP).
Experience implementing or managing SIEM/SOAR platforms, preferably Microsoft Sentinel.
Key Deliverables Expected
Comprehensive IAM and Tenant Architecture Blueprints.
Detailed Security Control Checklists.
End-to-End Migration Security and Cutover Plans.
Access Review Packs.
Network and Connectivity Designs.
Formal Compliance Sign-offs and Day-1 Readiness Reports.
Full-time
Important Information
Never provide your bank or credit card details when applying for jobs. Do not transfer any money or complete unrelated online surveys. If you see something suspicious, Report this Job ad.
Learn More
