The Job Description:
Deliver IT Security Risk Assessments and be an IT Security Champion to the business, with a focus on new and existing applications utilizing Agile techniques (DevSecOps).
Responsibilities:
• Responsible for security risk assessments on new and existing applications and systems to ensure strong risk management strategies, tools, frameworks and standards are in place.
• Identify and provide analysis and recommendations for IT security risks, and track corrective actions performed by the business through the risk exception process.
• Provide accurate and timely reports to demonstrate individual and team activities and progress
• Work closely with IT and business representatives to drive risk assessment and remediation
• Provide consultation on security policies and general best practices
• Evaluate and provide security approvals related to application and infrastructure changes with focus on firewall rule approval and recertification.
• Participate in audits to establish compliance with security policy and country regulations
• Contribute to individual, team, and security function continuous improvement projects.
Requirements:
In order to succeed in this role, you must:
• Have advanced knowledge of infrastructure and application security and risk management concepts.
• Have a good understanding of industry regulations, e.g. MAS TRM, HKMA, FSA, etc.
• Have general knowledge of emerging technologies such as Fintech, Mobile & Virtualization.
• Have demonstrable previous IT Security experience in risk management, audits/compliance, security system development, and/or operations. Vulnerability/Patch Management experience is a plus.
• Prior experience in DevSecOps methodology and its application is preferred
• Must be able to manage IT and business stakeholders directly, in a confident and responsive manner. Previous security sales and/or team management experience should be highlighted.
• Must have excellent English oral and written communication.
• Must be motivated, and able to work independently as well as part of a team and must demonstrate ethical responsibility, maturity, and discretion
The following certification(s), or equivalent experience, are preferred:
CRISC, CISM, CISA, CISSP, ITIL, GCCC