We're home to Asia's most dynamic and vibrant capital markets.
Connecting capital, ideas, inspiration and innovation for deeper, more diverse and liquid global capital markets; providing greater choice and opportunity for our customers, each and every day.
HKEX is a purpose-driven company. Our commitment to the long-term development of our business and our markets is articulated in our purpose: "To Connect, Promote and Progress our Markets and the Communities they support for the prosperity of all." Job Summary:
The Information Security Team consists of Security Strategy and Solution Architecture team, Security engineering and Operations team, Threat Management team as well as Security Governance business. Job Duties:
The Security Solution Architect is accountable for IT security architecture, design and solution engineering, meeting agreed requirements aligned to the Information Security and business strategy. Reporting to Principal Security Architect, the incumbent will work collaboratively with Enterprise Architecture, Enterprise Security Architects, Security Engineering, Security Services Operations, Security Operations Centre team and Project Delivery team.
This role will translate the group-wide information security strategy, policy and control requirements into secure solutions. This role need to balance between unique business objectives of a global exchange against the inherent security threat and risk profile applicable to critical national infrastructure. Also helps reviewing and providing security requirement inputs or security integration architecture for business led projects. Responsibilities
- Responsibility for ensuring the agreed information and cyber security architecture and solution designs are engineered to specification and within acceptable risk tolerance.
- Work with Security Services and Security Engineering subject matter experts to ensure that security services/systems are architected with engineering and operational requirements built in.
- Work within governance forums such as Enterprise Architecture Board, HKEX Group Security Architecture Committee and Group Security Architecture Working Group.
- Design and develop security solutions in accordance with the HKEX System Development Lifecycle, Application and application code security architecture and documentation standards.
- Create and review functional and non-functional security requirements, including all additional requirements for InfoSec and Cyber projects.
- Review system architecture and designs to ensure all solutions have undergone appropriate assurance and meet security acceptance criteria.
- Develop and present reference patterns for security architecture and technical security standards to meet Information Security Policy
- Contribute to the security technology strategy, security architecture roadmap, maturity model, policies and standards.
- Support day-to-day activities of the Information Security Strategy and Solution Architecture function ensuring Operating Level Agreements are met.
- University degree in Computer Science, Information Management, or related fields
- Relevant experience with information security and enterprise architecture methods and frameworks (e.g., SABSA, TOGAF, NIST CSF)
- Cyber Security certifications, such as SABSA, CCSP (Certified Cloud Security Professional), CISSP (Certified Information Systems Security Professional) or security specific cloud certifications such as AWS, Azure, GCP, AliBaba Cloud, Kubernetes, etc.
- Relevant experience of software and system assurance methodologies and associated vulnerability management and risk management practices.
- Relevant experience with industry best-practice approaches to the design, implementation, operations, and management of IT systems (e.g., Agile, Waterfall, ITIL, COBIT).
- Up-to-date experience of delivering solutions security in public and/or private cloud.
- Experience of developing/ contributing to security policies and standards.
- Current experience securing automated build and deployment pipelines and securing artefacts
- An intelligent, articulate, consensus building and persuasive leader.
- Must have a strong business acumen and technology knowledge, who can serve as an effective member as part the IT management team.
- Must be able to communicate information security-related concepts to a broad range of technical and non-technical audiences.
- Experience of effective stakeholder management and senior level reporting.
- Able to work effectively in a matrix management environment.
- Able to deliver within a fast-moving high-pressure environment, balancing multiple work streams and deliverables.
HKEX is committed as an Equal Opportunity Employer. Diversity is one of our core values and we look to support, respect diverse perspectives, abilities, culture and experiences within our workplace. Location:
HKEX - TKO Shift:
Standard - 40 Hours (Hong Kong SAR) Scheduled Weekly Hours:
40 Worker Type: