top of page

Application Security Lead - Leading Insurance Group

IT Security & Risk

25 June 2024

Hong Kong

We are seeking a highly skilled Application Security Lead to join a prestigious insurance group. In this pivotal role, you will support the senior management and the CISO in promoting and enhancing the cyber security maturity across the organization and its related entities. You will be instrumental in maintaining and advancing business-critical security solutions, ensuring the integrity and resilience of digital operations. This role demands a technically proficient and adaptable individual who can effectively communicate complex cybersecurity concepts to various stakeholders.


Key Responsibilities:

1. Application Security:

  • Assess and evaluate information security products and solutions to ensure their effectiveness and alignment with security standards.

  • Advise on and assess security controls for critical applications and IT infrastructure services.

  • Facilitate the deployment of strategic information security solutions to address cyber threats and mitigate information security risks.

  • Ensure cybersecurity resilience to proactively prevent business disruptions or service outages.

  •  Focus on reducing risk exposure, improving efficiency, and balancing data protection measures.


2. Stakeholder Engagement and Communication:

  • Engage and communicate effectively with key stakeholders such as IT team leaders and department heads to promote compliance with security standards.

  • Drive thought leadership and promote the importance of compliance in the evolving cybersecurity landscape.


3. Cross-Functional Coordination:

  • Coordinate ad-hoc cross-functional teams on special projects or critical initiatives related to information security.

  • Communicate with group offices, business partners, corporate clients, IT vendors, and external parties on IT security matters as needed.


4. Strategic Security Management:

  • Maintain a thorough understanding of industry trends, particularly in cloud security, and provide thought leadership on security challenges associated with cloud services.

  • Develop and implement robust authentication solutions, including Multi-Factor Authentication (MFA), OAuth2, and SAML, and manage encryption solutions.

  • Enhance the security of Internet-facing applications handling highly confidential information.

  • Utilize various security tools and methodologies to fortify applications and infrastructure.


5. DevSecOps and Cloud Integration:

  • Integrate security practices into the DevSecOps pipeline to ensure secure development and deployment processes.

  • Develop cloud-native applications on platforms such as AWS and Azure, ensuring their security and compliance with best practices.



  • Bachelor's degree in Computer Science, Information Systems, Engineering, Risk Management, or a related discipline.

  • At least 10 years of experience in IT Security Management or related positions.

  • Proficient in cloud industry trends and security challenges, with proven expertise in authentication solutions and encryption.

  • Extensive experience in hardening Internet-facing applications and hands-on use of various security tools.

  • Strong understanding and practical use of DevSecOps principles.

  • Experience in developing cloud-native applications (AWS, Azure) and production support is advantageous.

  • Holder of relevant audit professional qualifications and/or IT security certificates (e.g., CISA, CISM, CISSP).

  • Excellent written and oral communication skills, with a track record of effective cross-functional team facilitation.

  • Ability to solve complex problems and communicate technical concepts.

  • Self-motivated, confident, and credible, with the ability to work independently and inspire trust and respect.


If this outstanding opportunity sounds like your next career move, please submit through "Apply Now" or send your resume in Word format to Sedrick Chan at and put Application Security Lead - Leading Insurance Group in the subject header.


Data provided is for recruitment purposes only.

bottom of page