
IT Risk and Security Associate (Application) - Leading Financial Institution

IT Security & Risk

29 November 2023

Hong Kong

Our client, a leading financial institution with sophisticated technology platforms, is looking for an IT Risk and Security Associate (Application). You will play a key role in ensuring the security and integrity of the application portfolio from a 1.5-line defense perspective. You will be responsible for risk assessment, vulnerability management, and application security across our organization. This is a challenging and rewarding role that requires a strong understanding of IT risk management principles, application security best practices, and excellent analytical and communication skills.



  • Conduct risk assessments and vulnerability scans on the application portfolio to identify any potential security risks.

  • Collaborate with cross-functional IT teams to remediate identified vulnerabilities and ensure the overall security of our applications.

  • Define and implement application security controls and guidelines in line with industry best practices and regulatory requirements.

  • Conduct regular security reviews and audits of our application portfolio to ensure compliance with security policies and standards.

  • Monitor and respond to security incidents, including investigating, analyzing, and reporting any potential threats or breaches.

  • Stay up-to-date with the latest IT security trends, industry standards, and regulatory requirements to proactively address emerging threats and risks.

  • Provide guidance and support to development teams on secure coding practices and application security testing.

  • Collaborate with other IT teams to develop and maintain secure application architectures and deployment practices.

  • Assist in the development and maintenance of IT risk management frameworks, policies, and procedures.

  • Work closely with internal and external auditors to provide necessary information and ensure compliance with audit requirements.


Qualifications and Skills:

  • Bachelor's degree in Information Technology, Computer Science, or a related field.

  • Minimum of 8 years of experience in IT risk management, application security, or related roles in a financial institution or similar industry.

  • Strong understanding of IT risk management principles, application security best practices, and regulatory requirements (e.g., NIST Cybersecurity Framework, ITIL, CMMI, ITSM, COBIT, and PMBOK).

  • Experience with application security assessment tools and frameworks (e.g., OWASP, Fortify, Burp Suite).

  • Knowledge of secure coding practices, security testing methodologies, and common application vulnerabilities.

  • Familiarity with financial services industry regulations and compliance requirements.

  • Professional certifications such as CISSP, CISA, CISM, or equivalent are highly desirable.

  • Excellent analytical and problem-solving skills, with the ability to identify and mitigate potential security risks.

  • Strong communication skills in English and Chinese (Cantonese / Mandarin) and strong interpersonal skills, with the ability to collaborate effectively with cross-functional teams.

  • Ability to work independently, prioritize tasks, and manage multiple projects simultaneously.

  • Proven ability to adapt to a fast-paced and changing environment.
