Manager - IT Security

Company Overview
Hang Lung Properties Limited, a constituent stock of the Hang Seng Index and Hang Seng Corporate Sustainability Indices in Hong Kong, is a leading real estate developer in Hong Kong and mainland China. Boasting a diversified portfolio of investment properties in Hong Kong, we have progressively branched out into the Mainland since the 1990s, building, owning and managing world-class commercial complexes in key cities that have earned international acclaim for their exceptional quality of architectural design, services and sustainable features.

Our people are the most precious asset of the Hang Lung family and the key to our success. They drive forward our development through their commitment, professionalism and caring services. As we extend our business horizons, we continue to devote significant resources and energy to developing the expertise and skills of our outstanding team. 

We are looking for people who are talented, energetic, self-motivated team players. Are you ready to join us now?

Responsibilities

• Lead the continuous improvement of Application Security practices across the application lifecycle; Web applications, APIs, WeChat MiniApp, Cloud-native and Containerized workloads.
• Collaborate with the respective infrastructure and application project team to define practical and implementable remediation plans, remediate the vulnerabilities, and reduce the attack surface and cyber risks.
• Perform security risk assessments of IT systems to identify security weaknesses and non-compliance during application design, onboarding, major changes, or migrations, from a security perspective, including authentication, authorization, access control, API exposure, data flows, trust boundaries, etc.
• Proactively identify security gaps and risks across infrastructure, applications, and cloud platforms, and lead end-to-end security projects to address them, from solution evaluation and tool selection through architecture design, engineering implementation, testing, and operational handover.
• Coach a small team on security vulnerabilities/findings KPI status and vulnerability risk management process.
• Manage a small team on security hardening and compliance checking for Cloud platforms (Alibaba Cloud, AWS, and Azure); Servers, databases, and networks; Container and Kubernetes-based platforms.
• Provide advisory to junior team members on operations process improvement for various security products/practices, e.g., Palo Alto Cortex, Office 365 Security Suite, Privileged Account Management (PAM), Tenable Nessus Pro scanner, Unified Endpoint Management (UEM), red team testing, etc.
• Identify and implement RPA/automation to improve efficiency.
• Occasional business trip (to the Chinese Mainland) is required.

Requirements

• Bachelor’s degree in Computer Science, Information Systems, Business Computing, or related disciplines.
• 5+ years of IT security experience, with property management industry experience is an advantage
• Holder of professional security certifications such as CISSP, SSCP, or OSCP, and certification in cloud security and application security, is an advantage.
• Understand and have hands-on experience with common attack/risk patterns, especially those in applications, e.g., OWASP Top 10 and ATT&CK, and their preventive/protective controls with implementation, e.g., WAF, RASP, SAST, DAST.
• Experience in integrating Application Security into the Software Development Lifecycle (SDLC) or DevSecOps practices.
• Be able to recommend and manage security protection on different layers, including production systems, platform configurations, security logs, and protection controls, with measurable control effectiveness defined.
• Hands-on knowledge of infrastructure security and application security, e.g., endpoint security, email security, container security, web security, API security, NGFW, operating systems.
• Familiar with vulnerability management and cyber hygiene concepts, computer network/web application testing and techniques.
• A strong team player with good analytical and problem-solving skills.
• Good communication skills; able to clearly communicate security risks/concepts to technical teams and non-technical stakeholders.
• Good English and Chinese Mandarin language skills.
• Project management experience is preferred.
• Embraces values of integrity, sustainability, excellence, and openness.

We are an equal opportunity employer and welcome applications from all qualified candidates. We offer an attractive remuneration package and excellent prospects for career advancement to the right candidate. Please send detailed resume to Human Resources Department by clicking “Easy Apply” button. For more information about our Company, please visit our website: http://www.hanglung.com/ Please read the following Personal Information Collection Statement before applying.

Personal Information Collection Statement (For recruitment purposes)

Information collected by Hang Lung Properties Limited and/or its associated companies will be treated in strict confidence and will be used exclusively for recruitment and other employment-related purposes. Information collected may be disclosed to such person or organization for the purpose of verifying the accuracy of the information provided by the applicant. The provision of true, complete and accurate information required in support of applications is necessary for selection purposes. Failure to do so may affect the processing and outcome of your application. Applicants who do not hear from us within 8 weeks from the date of application may consider their applications unsuccessful and their personal data will typically be destroyed within 12 months after rejection of the application. Applicant has the right to request access to and correction of your personal data in writing to “Data Protection Officer of Hang Lung Properties Limited” at 28/F, Standard Chartered Bank Building, 4 Des Voeux Road Central, Hong Kong.

For further information, please refer to Hang Lung Properties Limited’s Privacy Statement at https://www.hanglung.com/en-us/special-pages/privacy-policy-statement.