Assistant Manager - In-house IT (Cyber Security / Application Security) - HK

K Posted byRecruiter

Work you'll do : About this role

With strong background in both IT and Security. You'll use this dual expertise as you work closely with the internal / external development / technology team on various security checkpoints in defining security requirements, security controls design, security testing and quality assurance check according to globally-defined standards and policies.

Accountabilities – Key Result Areas

Provide advisory support to business stakeholders and various application development teams on proper managing IT security risk throughout software development life cycle inpliance with the Technology Operating Model.

Work closely with project team on various security checkpoints in defining security requirements, security controls design, security testing and quality assurance check according to globally-defined standards and policies

Co-ordinate with business functions in conducting security risk assessment, application architecture review, security requirements identification and controls verification processes

Perform vulnerability scanning and penetration testing on applications and work with developers to resolve security related issues and provide consultancy on coding best practices and mitigations prior to production release

Participate to build up a culture of secure SDLC and raise awareness to developers on programming practices according to the secure coding requirements and guidelines

Contribute to ensurepliance to corporate information security policies, standards and practices as well as liaise with relevant stakeholders, including contractors and vendors

Assist to manage application security framework and drive other information security initiatives.

We are looking for someone with :

Experience / Qualification Requirements

3-5 years' experience in managing application security risk from development to production stage with knowledge of secure coding practices andmon threat vectors such as the OWASP top 10.

Degree holder in Information Security,puter Science, Information System or related discipline

CISSP, CSSLP, CEH, GWAPT or equivalent security related qualifications is preferred

Managerialpetencies

Strong self-motivation, pro-active, goodmunication and analytical skills

Good people skills to work with business users and technical teams, independently work with less supervision and under pressure

Goodmand of both spoken and written Chinese (including Mandarin) and English

Technicalpetencies

Excellent knowledge of the Secure SDLC with sound application development background would be preferable

Knowledge and experience in networking, system and cyber security administration and best practices

Exposure on cloud platform, cloud security industry best practices would be a plus

Working knowledge of vulnerability testing tools and methodologies