Responsibilities:

Conduct risk assessments and vulnerability scans on the application portfolio to identify any potential security risks.
Collaborate with cross-functional IT teams to remediate identified vulnerabilities and ensure the overall security of our applications.
Define and implement application security controls and guidelines in line with industry best practices and regulatory requirements.
Conduct regular security reviews and audits of our application portfolio to ensure compliance with security policies and standards.
Monitor and respond to security incidents, including investigating, analyzing, and reporting any potential threats or breaches.
Stay up-to-date with the latest IT security trends, industry standards, and regulatory requirements to proactively address emerging threats and risks.
Provide guidance and support to development teams on secure coding practices and application security testing.
Collaborate with other IT teams to develop and maintain secure application architectures and deployment practices.
Assist in the development and maintenance of IT risk management frameworks, policies, and procedures.
Work closely with internal and external auditors to provide necessary information and ensure compliance with audit requirements.

Qualifications and Skills:

Bachelor's degree in Information Technology, Computer Science, or a related field.
Minimum of 8 years of experience in IT risk management, application security, or related roles in a financial institution or similar industry.
Strong understanding of IT risk management principles, application security best practices, and regulatory requirements (e.g., NIST Cybersecurity Framework, ITIL, CMMI, ITSM, COBIT, and PMBOK).
Experience with application security assessment tools and frameworks (e.g., OWASP, Fortify, Burp Suite).
Knowledge of secure coding practices, security testing methodologies, and common application vulnerabilities.
Familiarity with financial services industry regulations and compliance requirements.
Professional certifications such as CISSP, CISA, CISM, or equivalent are highly desirable.
Excellent analytical and problem-solving skills, with the ability to identify and mitigate potential security risks.
Strong communication in English and Chinese (Cantonese / Mandarin) and interpersonal skills, with the ability to collaborate effectively with cross-functional teams.
Ability to work independently, prioritize tasks, and manage multiple projects simultaneously.
Proven ability to adapt to a fast-paced and changing environment.

If this outstanding opportunity sounds like your next career move, please send your resume in Word format to Danny Kwan at [email protected] and put IT Risk and Security Associate (Application) - Leading Financial Institution in the subject header.

Data provided is for recruitment purposes only.

_________________________________________________________

Headquartered in Hong Kong, Pinpoint Asia is the go-to Specialist Firm for Technology Recruitment.

We are a team of specialist tech recruiters (many of our recruiters come from an IT background) and we serve a wide range of clients, all the way from tech startups (especially FinTech) to some of the top Financial Institutions on Wall Street and several other large scale enterprises in other industries. Our significant market reputation and status as the leading search firm for many of our clients is a direct result of our strong industry relationships, intimate understanding of the marketplace and proven ability to deliver results.

Our vision is to help companies hire smarter and help job seekers get closer to their career aspirations.

To see all our open jobs please reach out to us at https://pinpointasia.com/job-search/ (EA License #72371)

We are also seeking top-calibre candidates for the following exciting roles:

1) Python Developer - Leading Asset Management Firm
2) Security Architect - Leading Investment Bank
3) IT Support Engineer - Top Investment Bank