Cyber Security Manager
Classy Wheeler
- Taikoo Shing, Hong Kong
- $50,000 per month
- Permanent
- Full-time
- Being an Application Security Evangelist who translates security concepts for developers
- Improving and maintaining secure development standards and managing application security framework improvement projects
- Integrating security tools, standards and processes into the Software Development Life Cycle (SDLC)
- Ensuring that developers are trained with the appropriate level of security knowledge to perform their daily activities
- Improving and supporting application security tool deployments including static analysis and runtime testing tools
- Producing metrics reporting the state of application security programs and performance of development teams against requirements
- Supporting Vendor Security activities to ensure third party software and development meets security standards
- Supporting the incident response and architecture review processes whenever application security expertise is needed
- Holding third parties accountable for code quality
- Integrating threat modeling practices into the product life cycle
- Conducting application security design reviews and prioritizing all application security issues
- Providing security requirements for test-driven design
- Partnering with third parties to provide penetration testing services
- University degree in Computer Science or related disciplines
- Over 5 years’ experience in the IT application security and risk management area
- Strong technical or security skills related to IT applications and infrastructure
- Solid experience in cyber security controls and incident handling
- Good knowledge of the banking environment
- Knowledge and experience in Fintech is desirable
- Strong knowledge of banking regulations / guidelines relating to cyber security and technology risk management
- Strong self-motivation, with good leadership, communication, interpersonal and analytical skills
- Great sense of ownership and servicing mindset
- Good command of both spoken and written English and Chinese; Mandarin is an advantage
- Possession of at least two professional qualifications such as CISM, CISA, CISSP, CEH, GWAPT, GPEN and OSCP
- Experienced in web and mobile application development/penetration testing preferred
- Experienced in performing security risk assessment and audits based on industry standards
- Familiar with various cybersecurity-related frameworks such as ISO 27001 ISMS, CIS CSC (CIS Critical Security Controls) and NIST Cyber Security Framework
- Candidates with less experience will be considered as Assistant Manager