Manager IT Security

Company Overview
Hang Lung Properties Limited a constituent stock of the Hang Seng Index and Hang Seng Corporate Sustainability Indices in Hong Kong is a leading real estate developer in Hong Kong and mainland China. Boasting a diversified portfolio of investment properties in Hong Kong we have progressively branched out into the Mainland since the 1990s building owning and managing world-class commercial complexes in key cities that have earned international acclaim for their exceptional quality of architectural design services and sustainable features.

Our people are the most precious asset of the Hang Lung family and the key to our success. They drive forward our development through their commitment professionalism and caring services. As we extend our business horizons we continue to devote significant resources and energy to developing the expertise and skills of our outstanding team.

We are looking for people who are talented energetic self-motivated team players. Are you ready to join us now

Responsibilities

• Lead the continuous improvement of Application Security practices across the application lifecycle; Web applications APIs WeChat MiniApp Cloud-native and Containerized workloads.
• Collaborate with the respective infrastructure and application project team to define practical and implementable remediation plans remediate the vulnerabilities and reduce the attack surface and cyber risks.
• Perform security risk assessments of IT systems to identify security weaknesses and non-compliance during application design onboarding major changes or migrations from a security perspective including authentication authorization access control API exposure data flows trust boundaries etc.
• Proactively identify security gaps and risks across infrastructure applications and cloud platforms and lead end-to-end security projects to address them from solution evaluation and tool selection through architecture design engineering implementation testing and operational handover.
• Coach a small team on security vulnerabilities/findings KPI status and vulnerability risk management process.
• Manage a small team on security hardening and compliance checking for Cloud platforms (Alibaba Cloud AWS and Azure); Servers databases and networks; Container and Kubernetes-based platforms.
• Provide advisory to junior team members on operations process improvement for various security products/practices e.g. Palo Alto Cortex Office 365 Security Suite Privileged Account Management (PAM) Tenable Nessus Pro scanner Unified Endpoint Management (UEM) red team testing etc.
• Identify and implement RPA/automation to improve efficiency.
• Occasional business trip (to the Chinese Mainland) is required.

Requirements

• Bachelors degree in Computer Science Information Systems Business Computing or related disciplines.
• 5 years of IT security experience with property management industry experience is an advantage
• Holder of professional security certifications such as CISSP SSCP or OSCP and certification in cloud security and application security is an advantage.
• Understand and have hands-on experience with common attack/risk patterns especially those in applications e.g. OWASP Top 10 and ATT&CK and their preventive/protective controls with implementation e.g. WAF RASP SAST DAST.
• Experience in integrating Application Security into the Software Development Lifecycle (SDLC) or DevSecOps practices.
• Be able to recommend and manage security protection on different layers including production systems platform configurations security logs and protection controls with measurable control effectiveness defined.
• Hands-on knowledge of infrastructure security and application security e.g. endpoint security email security container security web security API security NGFW operating systems.
• Familiar with vulnerability management and cyber hygiene concepts computer network/web application testing and techniques.
• A strong team player with good analytical and problem-solving skills.
• Good communication skills; able to clearly communicate security risks/concepts to technical teams and non-technical stakeholders.
• Good English and Chinese Mandarin language skills.
• Project management experience is preferred.
• Embraces values of integrity sustainability excellence and openness.

We are an equal opportunity employer and welcome applications from all qualified candidates. We offer an attractive remuneration package and excellent prospects for career advancement to the right candidate. Please send detailed resume to Human Resources Department by clicking Easy Apply button. For more information about our Company please visit our website: Please read the following Personal Information Collection Statement before applying.

Personal Information Collection Statement (For recruitment purposes)

Information collected by Hang Lung Properties Limited and/or its associated companies will be treated in strict confidence and will be used exclusively for recruitment and other employment-related purposes. Information collected may be disclosed to such person or organization for the purpose of verifying the accuracy of the information provided by the applicant. The provision of true complete and accurate information required in support of applications is necessary for selection purposes. Failure to do so may affect the processing and outcome of your application. Applicants who do not hear from us within 8 weeks from the date of application may consider their applications unsuccessful and their personal data will typically be destroyed within 12 months after rejection of the application. Applicant has the right to request access to and correction of your personal data in writing to Data Protection Officer of Hang Lung Properties Limited at 28/F Standard Chartered Bank Building 4 Des Voeux Road Central Hong Kong.

For further information please refer to Hang Lung Properties Limiteds Privacy Statement at Experience:

Manager