
Security Architect - Leading Financial Institution

IT Security & Risk

22 December 2023

Hong Kong

Our client, a leading investment bank, is looking for a Security Architect to manage their Group-wide Application and Cyber Security review. This role offers great exposure and an opportunity to join one of the most prominent financial institutions in the region.


Responsibilities:

  • Act as the SME to review application architectures in Application, Infrastructure, Cloud Computing, Mobile Technology, and Electronic Trading.

  • Lead the technology assessment across application security including Session Security, Vulnerability/PenTesting items, and Input Validation.

  • Review applications including Authentication, Authorization, and Auditing.

  • Review security reference architecture and security blueprints.

  • Develop and maintain security architecture artifacts.

  • Act as a Security SME, reviewing implementation designs with the application and infrastructure teams to ensure they meet industry security standards.

  • Conduct technical risk assessments to capture security exceptions and design associated compensating controls based on the assessment results.

  • Define and maintain the infrastructure and application security framework and provide security assessments.



  • At least 10 years of experience in the IT Application Security space.

  • Ability to articulate security principles and security risks to non-technical business stakeholders.

  • Security Certificates in CISSP, CISM or equivalent.

  • Knowledge of the common application layer vulnerabilities (e.g. OWASP 10), with the ability to explain these risks and recommend countermeasures to mitigate them.

  • Extensive knowledge of application, network, and platform security vulnerabilities. Ability to explain these vulnerabilities to developers.

  • Ability to review the code of enterprise applications and identify possible security vulnerabilities.

  • Experience in conducting Information Security, IT Security, and Audit assessments, presenting the outcomes of the evaluation, and obtaining buy-in.

  • Strong focus on reviewing technical designs and functional requirements to identify areas of Security weakness.

  • Working experience in security areas including Authentication (SAML, SiteMinder, Kerberos, OpenID), Data Protection, App Security, and Cryptography.

  • Excellent communication skills in English; this role will work with regional counterparts.

  • Bachelor's Degree in Computer Science or related field from a reputable University.
