Information Security Architecture & Engineering Lead - IT (Security Architecture & Engineering)
The Information Security Architecture and Engineering Lead is accountable for designing and maintaining enterprise IT security solutions to address HKEX security requirements. Reporting directly to the Head of Information Security, this role will lead an IT security architecture and engineering team, working closely with the IT Innovation Lab, software engineering teams, the IT infrastructure team, IT compliance, security operations and the cyber technology risk team. The role takes the lead in defining enterprise security architecture, developing roadmaps, sourcing relevant security technologies, engineering secure solutions and ensuring that IT systems are implemented in accordance with company IT security requirements, blueprints and specifications, and operate within acceptable risk tolerance.
Job Responsibilities:
- Designing & engineering both on-premises and cloud information security solutions to meet enterprise IT solutions requirements.
- Ensuring IT solutions are built and implemented to the agreed information security standards (architecture, design and solution specification) during the SDLC process and providing final sign off.
- Accountable for ensuring effective security architecture governance, policy, process and guidance is in place to mandate repeatable, secure IT design and engineering practices.
- Serve as an expert advisor to promote company-wide information security design practices, policy and control framework.
- Conduct threat and vulnerability analysis as part of the information security design and solution engineering process.
- Develop strategies for enterprise security solutions to meet the current threat landscape.
- Implement and effectively operate enterprise security solutions and infrastructures.
- Introduce engineering, testing and compliance processes to ensure that the enterprise security solutions are maintained and kept abreast of the emerging threat landscape.
- Monitor developments in the information security industry and communicate their potential impact on or applicability to the organization.
- Participate and contribute to industry cyber forums, both formal and informal.
- Must have relevant information security experience working with or for a global exchange or a global financial firm.
- Must have solid knowledge of and experience in cloud technologies, and be familiar with cloud security architecture, design and operations.
- Relevant experience with SecDevOps principles, Security Automation and Orchestration.
- Must have relevant experience with industry best-practice approaches to the design, implementation, operation and management of IT systems (e.g. Agile, Waterfall, ITIL, COBIT).
- Must have relevant experience with information security (e.g. CISSP, CCSP) and enterprise architecture methods (e.g. SABSA, TOGAF or Zachman).
- Desirable to have relevant experience working with IT development teams to implement secure solutions in exchange-related systems, for example, order management systems, trading systems, market data systems, clearing & settlements.
- Must have strong knowledge of information security technology and concepts, and be able to communicate effectively with senior management and a broad range of technical/non-technical audiences. Strong written communication skills, with experience in writing board-level papers and giving verbal presentations to senior management.
- Must have a relevant University degree in Computer Science, Information Management, or related field, or equivalent experience.
Applicants who do not hear from us within 6 weeks may consider their applications unsuccessful. Personal data provided will only be used for the purpose of employment application to HKEX.