Our client, a leading financial institution with sophisticated technology platforms, is looking for an IT Risk and Security Associate (Application). In this position you will play a key role in ensuring the security and integrity of the application portfolio from a 1.5-line defense perspective. You will be responsible for risk assessment, vulnerability management, and application security across the organization. This is a challenging and rewarding role that requires a strong understanding of IT risk management principles, application security best practices, and excellent analytical and communication skills.
Responsibilities:
Conduct risk assessments and vulnerability scans on the application portfolio to identify any potential security risks.
Collaborate with cross-functional IT teams to remediate identified vulnerabilities and ensure the overall security of our applications.
Define and implement application security controls and guidelines in line with industry best practices and regulatory requirements.
Conduct regular security reviews and audits of our application portfolio to ensure compliance with security policies and standards.
Monitor and respond to security incidents, including investigating, analyzing, and reporting any potential threats or breaches.
Stay up-to-date with the latest IT security trends, industry standards, and regulatory requirements to proactively address emerging threats and risks.
Provide guidance and support to development teams on secure coding practices and application security testing.
Collaborate with other IT teams to develop and maintain secure application architectures and deployment practices.
Assist in the development and maintenance of IT risk management frameworks, policies, and procedures.
Work closely with internal and external auditors to provide necessary information and ensure compliance with audit requirements.
Qualifications and Skills:
Bachelor's degree in Information Technology, Computer Science, or a related field.
Minimum of 8 years of experience in IT risk management, application security, or related roles in a financial institution or similar industry.
Strong understanding of IT risk management principles, application security best practices, and regulatory requirements (e.g., NIST Cybersecurity Framework, ITIL, CMMI, ITSM, COBIT, and PMBOK).
Experience with application security assessment tools and frameworks (e.g., OWASP, Fortify, Burp Suite).
Knowledge of secure coding practices, security testing methodologies, and common application vulnerabilities.
Familiarity with financial services industry regulations and compliance requirements.
Professional certifications such as CISSP, CISA, CISM, or equivalent are highly desirable.
Excellent analytical and problem-solving skills, with the ability to identify and mitigate potential security risks.
Strong communication skills in English and Chinese (Cantonese / Mandarin) and strong interpersonal skills, with the ability to collaborate effectively with cross-functional teams.
Ability to work independently, prioritize tasks, and manage multiple projects simultaneously.
Proven ability to adapt to a fast-paced and changing environment.