Key Responsibilities
Security Strategy & Governance
- Develop/enforce policies aligned with international best practices (e.g., NIST CSF, ISO 27001 etc.) and regulations (under the HKMA and SFC).
- Govern privileged access workflows (e.g., cloud admin rights, wallet permissions) and approve policy exceptions.
Cloud Infrastructure Protection
- Harden hybrid cloud environments (AWS/Azure/Alibaba Cloud), including IAM, key management, and security monitoring tools.
- Embed security into CI/CD pipelines (code scanning, container security).
Risk Monitoring & Incident Response
- Lead 24/7 vulnerability management, severity-tiered alerts, and playbook-driven incident response.
- Conduct bi-annual drills (ransomware, insider threats) and post-incident reviews.
Compliance & Collaboration
- Ensure compliance with HKMA’s CRAF requirements (e.g., cyber resilience testing, third-party risk management).
- Align cloud/data practices with applicable regulations and cybersecurity laws.
Requirements
Experience: 10+ years in cybersecurity, 5+ in leadership (fintech/cloud/digital assets).
Technical Skills:
- Cloud security (CSPM, CI/CD, Kubernetes).
- Blockchain (wallets, smart contracts), SIEM/PAM tools.
Regulatory Expertise:
- Proven experience implementing HKMA CRAF for financial institutions.
- Knowledge of other regulators’ guidelines or rulebooks (e.g., VARA’s Information and Technology Rulebook)
Cybersecurity Expertise:
- Experience in handling cyber attacks
- Experience in implementing and operating major cyber defence technologies such as SIEM, EDR etc.
- Knowledge of Mitre Att&ck Framework
Certifications: CISSP, CCSP, AWS/Azure Security.
Language: Fluent English, Mandarin, Cantonese.
Travel: Split time between Hong Kong/Shenzhen.
Culture and Benefits:
- Exciting and collaborative startup environment.
- Excellent company culture: give your best while having fun and grow as a person.
- A flat structure: your ideas get heard by the right people very quickly.
- Creating your own profile in the startup ecosystem.
- Plenty of responsibilities from day one.
- Casual dress code.
- Free coffee, tea, drinks and snacks daily.
- In-house gym facilities.
- Medical & Life insurance.
- Regular and fun company activities.
- Other leaves in addition to annual leaves, e.g. marriage leave, compassionate leave.
Data collected would be used for recruitment purposes only. Applicants who do not hear from us may consider their application unsuccessful and their data will be destroyed within 24 months of receipt.
