Back to jobs

Security Architect - Vulnerability / Tech Risk (2LOD) - 100K

Job description

My clients are well renowned sports & entertainment organization / French Luxury Retail Brand / Property Developer.

They are actively looking for a Security Architect (3 different roles - Vulnerability Management / Security Architecture / Technology Risk) join their cyber security division.

CyberSecurity Architect (Vulnerability Management or Security Architecture - 2 different roles), up to 100K basic per month!

Vulnerability Management: He / She should be able to manage the vulnerability threat assessment and patch management advisory operations through analysis of open and commercial security intelligence feeds, and ensure business and IT patch management teams comply with defined Service Level Agreements (SLAs) for security patch deployment.

Job requirement

  • Minimum 12+ years of IT experience with at least 8 years in First Line of Defense (1LOD) cybersecurity functions
  • Cybersecurity certification such as GCIH, GSOC, CISSP, CISA, CISM, OSCP, MITRE ATT&CK Defender etc. would be desirable
  • Strong background in Threat and Vulnerability Management
  • Strong technical background, particularly in web application development, infrastructure & networking.
  • Must possess in depth understanding of networking and routing protocols
  • Expertise in security testing, threat and vulnerability management tools and techniques, particularly around vulnerability scanning, patch management and penetration testing
  • In-depth experience of secure coding practices, source code review, and Internet threat vectors such as the OWASP top 10
  • Deep knowledge of secure networking infrastructure, Firewall, IDS/IPS, WAF, Secure MTA, Load Balancer, Internet Proxy as well as End-Point security
  • Working knowledge in ISO27001/2 or regulatory compliance standard

Security Architecture (DevSecOps) - He or she should be able to deliver feasible security solutions for the enterprise level of architecture. He or she should also be familar with the DevSecOps process, develop roadmap for tracking purposes, review security standards and guidelines to the enterprise security architecture.

Job requirement

  • Deep expertise and knowledge of the Security Domain with 10+ years of experience
  • At least 3+ years of experience leading Security Architecture for a technology focused organization
  • Degree holder or Post-Graduate qualification in IT-related disciplines
  • Sound knowledge and understanding of latest security tools, security design methodologies, architecture frameworks and security risk assessment methods
  • Knowledge of privacy related laws in HK and China
  • Relevant professional certifications (such as TOGAF, CISSP, CISM, GSE, or other equivalent) preferred
  • Able to accept technical challenges involved with defining the future of security
  • A passion for educating and working with diverse technical teams
  • Experience in security technologies including web application security, anti-bot solutions, WAF, application layer firewalls, IDS/IPS, SIEM, stateful inspection, TCP/IP, cryptography, authentication, different attack vectors, vulnerability assessment and application penetration testing
  • Strong knowledge and experience in network infrastructure such as SDWAN, SDN and Zero Trust Networks.
  • Experience with fundamental Internet protocols: BGP, GRE, MPLS, CDN, TCP/IP, SSL/TLS, HTTP, FTP, DNS
  • Knowledge of ISMS, ISO27000 series, ATT&CK, OWASP Top 10 and other major information security frameworks

Senior Manager, Technology Risk - He or she should be coming from financial & big 4 audit background with main focus in technology risk consulting or exposures in in-house security policy review.

Job requirement

  • Degree qualification in Engineering, Computer Science or relevant disciplines
  • Minimum 12-15 years of work experience in information security, technology and risk management (1 st , 2 nd and/or 3 rd line of defence).
  • Knowledge and practical experience in adopting international best practise, Secure Controls Framework will be an advantage.
  • Strong presentation skill to broad audience and senior management
  • Solid organisation, problem solving and analytical skills with the ability to work under pressure and set right priorities to deliver results on time
  • Ability to build relationship with stakeholders and facilitate effective discussions with people at all levels
  • Self-motivated and be able to support large scale IT Risk programme and maintain the highest standards of conduct and integrity and ensure compliance with accepted industry practices, company policies, regulatory requirement e.g. GDPR, PII etc.
  • Industry-recognised certification in information security, risk management or equivalent experience (CISA, CISM, CISSP, CRISC, ISO27000, ISO31000 etc.)

Please contact Wayne Cheung at +852 3103 4308 or wayne.cheung@ambition.com.hk. For more information, please visit http://www.ambition.com.hk

If this job isn't quite right for you, but you know someone who would be great at this role, why not take advantage of our referral scheme? We offer HKD1000 in Apple gift cards for every referred candidate who we place in a role. Terms & Conditions Apply. https://www.ambition.com.hk/refer-a-friend