Location:
CN-Shenzhen-HyQ
Shift:
Standard - 40 Hours (China)
Scheduled Weekly Hours:
40
Worker Type:
Permanent
Job Summary:
As an AVP-level Security Engineer within Information Security, you will lead the delivery and continuous improvement of security tooling and automation capabilities across the organisation. The role focuses on implementing and maturing Data Loss Prevention (DLP), Privileged Access Management (PAM) and secure administrative access (including SSH controls), with strong emphasis on integration, automation, operational readiness and measurable risk reduction. You will act as a technical subject-matter expert, driving the roadmap, partnering with Threat Detection and Engineering teams to operationalise alerting and response playbooks, and ensuring controls are implemented in line with policy, audit and regulatory expectations.
Job Duties:
RESPONSIBILITIES:
DLP (Data Loss Prevention)
- Own and drive the DLP capability roadmap, consolidating and integrating existing DLP controls and tools into a coherent operating model.
- Define DLP detection coverage, data classification alignment and success metrics; continuously tune controls to reduce false positives/negatives.
- Collect, normalise and analyse DLP indicators across multiple sources; identify trends, patterns and control gaps, and recommend remediation.
- Partner with Threat Detection to implement alerting standards, triage playbooks and escalation paths for DLP events.
PAM (Privileged Access Management)
- Lead enhancements to PAM capabilities (e.g. onboarding privileged accounts, policy hardening, session monitoring) and ensure adoption across critical platforms.
- Design and implement User/Entity Behaviour Analytics (UEBA) use cases for privileged activity, aligned to threat models and operational monitoring.
- Work with infrastructure and application owners to define standards for privileged access, break-glass procedures and least-privilege enforcement.
Secure Administrative Access (SSH) Controls
- Deliver secure SSH key management integrated with PAM controls, including rotation, vaulting and access governance.
- Implement Just-in-Time (JIT) access, privileged session management and audit/compliance controls for SSH administration.
- Establish engineering patterns and guidance for secure remote administration across Linux estates and container platforms.
Tooling Integration, Automation & Operational Readiness
- Design and implement integrations via vendor APIs to enable automation, data enrichment and improved end-to-end visibility.
- Build automation for data collection, correlation and reporting using Python and APIs; improve repeatability, resilience and operational efficiency.
- Ensure production readiness: monitoring, logging, documentation, runbooks, support procedures and service transition for security tooling.
- Support incident response by providing deep technical analysis, contributing to investigations and driving post-incident improvements.
Governance, Documentation & Stakeholder Management
- Maintain accurate, audit-ready technical documentation, control evidence and implementation standards for DLP/PAM/SSH controls.
- Communicate progress, risks and dependencies clearly to stakeholders; coordinate delivery across InfoSec, Threat Detection and Engineering teams.
- Contribute to security assessments and control design to ensure alignment with policy, regulatory requirements and best practice.
REQUIREMENTS:
Academic and Professional Qualifications
- Bachelor's degree in Information Security, Computer Science or related discipline (or equivalent experience).
- Desirable: security certifications such as CISSP/CISM, GIAC, CCSP or vendor certifications relevant to DLP/PAM/SIEM.
Required Knowledge and Experience
- Typically 8 years in security engineering, security operations or infrastructure security, with demonstrable ownership of security tooling delivery.
- Hands-on experience implementing and operating DLP and/or PAM solutions (CyberArk experience strongly preferred).
- Practical experience with privileged session monitoring, access governance and administrative access control patterns.
- Strong experience integrating platforms using vendor APIs; ability to design data flows for security telemetry and reporting.
- Strong scripting/automation skills (Python preferred) and familiarity with CI/CD practices for repeatable deployments.
- Solid understanding of Linux administration and SSH security best practices; container knowledge (Docker/Kubernetes) is beneficial.
- Experience partnering with detection/monitoring teams to build alerting, triage and response playbooks; familiarity with UEBA concepts is advantageous.
Company Introduction:
ITD SZ
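HKEX Technology (Shenzhen) Co., Ltd. (港交所科技深圳有限公司) is a wholly foreign-owned enterprise established on 28 December 2016 in the Qianhai Free Trade Zone, Shenzhen.
As the technology subsidiary of HKEX, HKEX Technology (Shenzhen) Co., Ltd. mainly provides the Group and its subsidiaries with: development, technical services, technical consulting and technology transfer for computer software, computer hardware, information systems, cloud storage, cloud computing, the Internet of Things and computer networks; economic information consulting, enterprise management consulting, business information consulting and commercial information consulting; information system design, integration, operation and maintenance; database management; big data analytics; and, by way of service outsourcing, information technology and business process outsourcing services such as system application management and maintenance, information technology support management, and data processing.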
Required Experience:
Exec