Analyst Programmer (Information Security Office) Various Posts

Application Deadline : 22 July 2025

Date of Issue : 8 July 2025

Vacancy Notification Circular No. HOITD2507003

Position

:

Analyst Programmer (Information Security Office) – Various Posts

Post A – Security Assurance

Post B – Security Operations

Post C – Security Service

Rank

:

Analyst Programmer

Department / Cluster

:

Information Technology and Health Informatics Division, HA Head Office

Pay

:

HK$41,484 to HK$63,338 (HGPS Point 17 to 26) per month including Monthly Allowance

Up to 15% of total basic salary (after deducting the contribution of Mandatory Provident Fund by Hospital Authority) as end-of-contract gratuity may be offered to contract staff upon completion of the contract subject to satisfactory performance.

Key Responsibilities:

Post A – Security Assurance

Monitor and assist in the execution of the HA’s cybersecurity strategy to manage emerging risks and support IT initiatives.

Support security assessments, technology risk management, development of IT security policy and standards and cybersecurity related initiatives.

Assist in the implementation of HA’s cybersecurity strategy programme and information security management system through provision of related expertise.

Support the integration of information security management foundations and development of metrics, dashboards and KPIs to drive governance, quality and efficiency.

Post B – Security Operations

Provide operation support including security monitoring, detection and response to manage emerging risks and ensure cyber resilience.

Support the development and execution of the security incident management process including incident identification, assessment, handling, reporting, communication and mitigations.

Assist in driving automation, analytics and advanced threat intelligence analysis through provision of related expertise.

Manage the security technology delivery, assess and continually improve outputs and key processes for driving operational excellence.

Monitor the information security service providers for IT security system and drive continuous improvement through technology / process innovation and operational change.

Post C - Security Service

Assist in the design, development and deployment of cybersecurity-related training programme.

Assist in the development of an interactive platform for cybersecurity awareness campaigns with elements of automation to integrate with existing IT systems / platforms.

Provide on-going technical support, conduct user analytics and provide recommendations to optimize user engagement and experience.

Entry Requirements:

Degree in Computer Science or relevant disciplines; or equivalent.

4 years’ post-qualification Information Technology (IT) related experience.

Preferable Attributes/Exposure:

For Post A

Proven experience in the following areas:

Information security assurance and governance, technology compliance and IT security policy and standard

Information security management (e.g. security operations, risk assessment, network & application security and security engineering)

Possession of Certified Information Systems Auditor (CISA) / Certified Information Security Manager (CISM) / Certified Information Systems Security Professional (CISSP) / Certified Information Security Professional (CISP) or other relevant qualifications.

For Post B

Proven experience in the following areas:

Incident management

Security Information and Event Management (SIEM) systems / Identity and Access Management (IAM)

Python and Java programming

MySQL and PostgreSQL database

Possession of Certified Information Systems Security Professional (CISSP) / Certified Information Security Professional (CISP) or other relevant qualifications.

For Post C

Proven experience in the following areas:

Web application development using HTML, CSS, JavaScript, Python or PHP

Frontend & backend software development

Database management

Application Programming Interface (API) and third-party integration

Knowledge in learning management system (LMS) or gamification platform is an added advantage.

For All Posts

Self-motivated, independent and able to work under pressure.

Good interpersonal skills and a good team player committed to high quality services.

Good command of written and spoken English.

Remarks

Please refer to for “Notes to Applicants”.

May be required to work over-night shifts and/or provide 24-hour on call support, and when necessary, provide on-site support services at different hospitals.

For serving HA staff, relevant experience gained in HA may be considered as equivalent to post-qualification experience.

Please submit application online on or before 22 July 2025.

For enquiries, please telephone 2300 8669 or 2300 8885.