Analyst - Information Security (Ref: 26000047)

Responsibilities

• Support key projects and BAU activities in Identity & Access Management (including Identity Governance & Administration, Access Management, and Privileged Access Management), Endpoint Protection, Data Security, Application Security, and other cybersecurity domains across Discover, Design, Build, Test, and Operate.
   
• Assist in the planning, execution, and monitoring of security tasks, ensuring alignment with security objectives and compliance standards.
   
• Identify security risks, pain points, and improvement opportunities and collaborate with relevant teams to develop mitigation strategies.
   
• Liaise with technical and non-technical stakeholders to ensure clear understanding of security issues and requirements.
   
• Facilitate remediation efforts by providing guidance and support to relevant teams.
   
• Collaborate closely with internal stakeholders and external vendors on detailed security configurations, documentation, testing, disaster recovery drills, production readiness, etc.
   
• Explore emerging security technologies and maintain a good understanding of the latest attacks, vulnerabilities, industry best practices, and relevant legal/regulatory requirements.

Requirements

• Bachelor’s degree or above in Computer Science, Information Security, Network Security, Software Engineering, Information Technology, or other related disciplines.
   
• At least 5 years of hands-on experience as a Cybersecurity Architect/Specialist/Engineer/Analyst or equivalent role(s).
   
• At least 3 years of experience in Identity & Access Management (IGA/AM/PAM).
   
• Hands-on experience with any of the following is preferred: IGA/AM/PAM solutions (e.g. SailPoint, Okta, Auth0, CyberArk, RankEZ, Paraview, Haiyi), Microsoft Entra ID and Active Directory, MFA, OIDC/OAuth 2.0, SAML/LDAP, Azure/Alibaba/Huawei Cloud, Microsoft Purview Information Protection (or AIP/RMS/IRM), database technologies.
   
• Any relevant professional certificates (e.g. CISSP, CISP, CISM, CCSP, CIDPRO) would be an advantage.
   
• Good understanding of Identity & Access Management (IAM/PAM/IGA) and relevant industry security standards/frameworks and best practices.
   
• Experience in any of the following areas would be an advantage: Endpoint Detection and Response (EDR), Data Loss Prevention (DLP), Data Security, Application Security.
   
• Good interpersonal and communications skills, analytical thinking, structured problem-solving, fast learning, committed, proactive, and upholds integrity and quality.
   
• Professional working proficiency in both verbal and written English and Chinese.

Applications

You are invited to apply online via http://www.mtr.com.hk/mtr_job_en or send in your CV stating the position (with reference number) you are applying for by mail to Human Resource Management Department, MTR Corporation, G.P.O. Box 9916, Hong Kong on or before 12 March 2026.
For other job openings, please visit MTR Corporation's website for more details.
All information provided by applicants will be treated in strict confidence and used for recruitment purpose only. All personal data of unsuccessful applicants will be retained for 12 months for future recruitment purpose and will then be destroyed.