Responsibilities:
1. Responsible for security risk assessments on new and existing applications and systems to ensure strong risk management strategies, tools, frameworks and standards are in place.
2. Identify and provide analysis and recommendations for IT security risks, and track corrective actions performed by the business through the risk exception process.
3. Provide accurate and timely reports to demonstrate individual and team activities and progress.
4. Work closely with IT and business representatives to drive risk assessment and remediation.
5. Provide consultation on security policies and general best practices.
6. Evaluate and provide security approvals related to application and infrastructure changes, with a focus on firewall rule approval and recertification.
7. Participate in audits to establish compliance with security policy and country regulations.
8. Contribute to individual, team, and security function continuous improvement projects.
Requirements:
In order to succeed in this role, you must:
- Have advanced knowledge of infrastructure and application security and risk management concepts.
- Have a good understanding of industry regulations such as MAS TRM, HKMA, FSA, etc.
- Have general knowledge of emerging technologies such as Fintech, Mobile & Virtualization.
- Have demonstrable previous IT Security experience in risk management, audits/compliance, security system development, and/or operations. Vulnerability/Patch Management experience is a plus.
- Prior experience in DevSecOps methodology and its application is preferred.
- Have direct experience managing IT and business stakeholders in a confident and responsive manner. Previous security sales and/or team management experience should be highlighted.
- Have excellent English oral and written communication.
- Be motivated, able to work independently as well as part of a team, and demonstrate ethical responsibility, maturity, and discretion.
The following certification(s) or equivalent experience are preferred:
CRISC, CISM, CISA, CISSP, ITIL, GCCC