Manager - IT Security

Job ID:  2980
Date:  April 22, 2026
Location:  Shanghai
Department:  Information Technology and Digital Services

Responsibilities

  • Lead the continuous improvement of Application Security practices across the application lifecycle: web applications, APIs, WeChat MiniApp, cloud-native and containerized workloads.
  • Collaborate with the respective infrastructure and application project teams to define practical and implementable remediation plans, remediate the vulnerabilities, and reduce the attack surface and cyber risks.
  • Perform security risk assessments of IT systems to identify security weaknesses and non-compliance during application design, onboarding, major changes, or migrations, including authentication, authorization, access control, API exposure, data flows, trust boundaries, etc.
  • Proactively identify security gaps and risks in applications, and lead end-to-end security projects to address them, from solution evaluation and tool selection through architecture design, engineering implementation, testing, and operational handover.
  • Identify and implement RPA/automation to improve efficiency.
  • Occasional business trips (to the Chinese Mainland/HK) are required.

Requirements

  • Bachelor’s degree in Computer Science, Information Systems, Business Computing, or related disciplines.
  • 12+ years of IT experience, with at least 5 years of IT security experience; property management industry experience is an advantage.
  • Professional security certifications such as CISSP, SSCP, or OSCP, and certifications in cloud security and application security, are an advantage.
  • Understand and have hands-on experience with common attack/risk patterns, especially those in applications, e.g., OWASP Top 10 and ATT&CK, and their preventive/protective controls with implementation, e.g., WAF, RASP, SAST, DAST.
  • Experience in integrating Application Security into the Software Development Lifecycle (SDLC) or DevSecOps practices.
  • Be able to recommend and manage security protection on different layers, including production systems, platform configurations, security logs, and protection controls, with measurable control effectiveness defined.
  • Hands-on knowledge of application security, e.g., code review, container security, web security, API security.
  • Familiar with application vulnerability management, cyber hygiene, and web application testing concepts and techniques.
  • A strong team player with good analytical and problem-solving skills.
  • Good communication skills; able to clearly communicate security risks/concepts to technical teams and non-technical stakeholders.
  • Good command of English and Mandarin Chinese.
  • Project management experience is preferred.
  • Embraces values of integrity, sustainability, excellence, and openness.