Manager - Cyber-Security (Application)
Client Description

Listed “blue-chip” in Hong Kong

Job Description

• Being an Application Security Evangelist who translates security concepts for developers
• Improving and maintaining secure development standards and managing application security framework improvement projects
• Integrating security tools, standards and processes into the Software Development Life Cycle (SDLC)
• Ensuring that developers are trained with the appropriate level of security knowledge to perform their daily activities
• Improving and supporting application security tool deployments including static analysis and runtime testing tools
• Producing metrics reporting the state of application security programs and performance of development teams against requirements
• Supporting Vendor Security activities to ensure third party software and development meets security standards
• Supporting the incident response and architecture review processes whenever application security expertise is needed
• Holding third parties accountable for code quality
• Integrating threat modeling practices into the product life cycle
• Conducting application security design reviews and prioritizing all application security issues
• Providing security requirements for test‐driven design
• Partnering with third parties to provide penetration testing services

Job Requirements

• University degree in Computer Science or related disciplines
• Over 5 years’ experience in the IT application security and risk management area
• Strong technical or security skills related to IT applications and infrastructure
• Solid experience in cyber security controls and incident handling
• Good knowledge in Companying environment
• Knowledge and experience in Fintech is desirable
• Strong knowledge of Companying regulations / guidelines relating to cyber security and technology risk management
• Strong self-motivation, with good leadership, communication, interpersonal and analytical skills
• Great sense of ownership and servicing mindset
• Good command of both spoken and written English and Chinese; Mandarin is an advantage
• Possessing at least two professional qualifications such as CISM, CISA, CISSP, CEH, GWAPT, GPEN and OSCP
• Experienced in web and mobile application development/penetration testing preferred
• Experienced in performing security risk assessment and audits based on industry standards
• Familiar with various cybersecurity-related frameworks such as ISO 27001 ISMS, CIS CSC (CIS Critical Security Controls) and NIST Cyber Security Framework

Function: Information Technology
Employment Type: Permanent
Salary Range: HK$ 50000 - 65000
Yr(s) of Exp: 5
Education Required: Bachelor Degree
Location: Central
Post Date: 2018-09-11