We are seeking a seasoned Cyber Security Expert to join our organization.
About the Role
This is an exciting opportunity for a highly skilled Cyber Security professional to take on a key role in ensuring the security and integrity of our systems and data.
Main Responsibilities
* Security Implementation
1. Develop and implement effective Secure Software Development Life Cycle (SDLC) practices, including DevSecOps and Threat Modelling;
2. Identify and implement the latest security standards for internet-facing and internal assets;
3. Enhance Vulnerability Management at the application level in terms of efficiency and effectiveness, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA);
4. Conduct regular Security Risk Assessments and reviews to be presented to relevant committees;
5. Ensure adequate security levels for all applications, regardless of project manager location and hosting provider.
* IT Security Compliance
1. Maintain alignment with Group and Wealth Management GAIM security policies, for both project and production assets;
2. Evaluate and ensure protection of Wealth Management business data with adequate security levels for Wealth Management assets, based on project assessment and production review processes;
3. Evaluate compliance with regulatory bodies' requirements, including APAC (HKMA, MAS, FSC), EU (DORA), and Switzerland (FINMA);
4. Leverage deep knowledge of security standards such as NIST, CIS, and ISO 2700x to ensure IT security requirements are met;
5. Evaluate compliance with respect to third-party technology risks and cloud security;
6. Identify process gaps and provide solutions.
* Cyber Security
1. Coordinate with other IT security actors in the region or globally;
2. Assist in risk treatment for any Wealth Management issue, based on established processes;
3. Identify IT security risks in advance, record, and follow up on them;
4. Define and contribute to processes from a cybersecurity perspective;
5. Provide periodic reporting of security status to Wealth Management IT Domain Head and security champion;
6. Ensure regular reporting for management follow-up;
7. Investigate and handle cyber alerts and incidents until closure;
8. Onboard assets and applications into the SIEM, handle BAU, and create/update relevant documents.
* Production Security
1. Ensure the effectiveness and success of the vulnerability management process;
2. Evaluate the compliance level of the production environment and integrate it into reporting.
Nice to Have
* Certifications: CISM, CCSP, CSK, CEH, CISSP
Technical Skills:
* Application Security;
* IT Security Compliance;
* Cyber Security Incident Management;
* Vulnerability Management.
Language Skills:
* English (mandatory);
* French appreciated.