Listed “blue-chip” in Hong Kong

• Being an Application Security Evangelist who translates security concepts for developers
• Improving and maintaining secure development standards and managing application security framework improvement projects
• Integrating security tools, standards and processes into the Software Development Life Cycle (SDLC)
• Ensuring that developers are trained with the appropriate level of security knowledge to perform their daily activities
• Improving and supporting application security tool deployments including static analysis and runtime testing tools
• Producing metrics reporting the state of application security programs and performance of development teams against requirements
• Supporting Vendor Security activities to ensure third party software and development meets security standards
• Supporting the incident response and architecture review processes whenever application security expertise is needed
• Holding third party’s accountable for code quality
• Integrating threat modeling practices into the product life cycle
• Conducting application security design reviews and prioritize all application security issues
• Providing security requirements for test‐driven design
• Partnering with third parties to provide penetration testing services

• University degree in Computer Science or related disciplines
• Over 5 years’ experience in IT Application security and risk management area
• Strong technical or security skills related to IT applications and infrastructure Solid experience in cyber security controls and incident handling
• Good knowledge in Companying environment
• Knowledge and experience in Fintech is desirable
• Strong knowledge of Companying regulations / guidelines relating to cyber security and technology risk management
• Strong self-motivation, with good leadership, communication, interpersonal and analytical skills
• Great sense of ownership and servicing mindset
• Good command of both spoken and written English and Chinese; Mandarin is an advantage
• Possess at least two of the professional qualification such as CISM, CISA, CISSP, CEH, GWAPT, GPEN and OSCP
• Experienced in web and mobile application development/penetration testing preferred
• Experienced in performing security risk assessment and audits based on industry standards
• Familiar with various cybersecurity related framework such as ISO 27001 ISMS, CIS CSC (CIS Critical Security Controls) and NIST Cyber Security Framework