Deputy Executive Manager, Security Architecture

The job

You will:

• Develop, maintain, and own cyber security architecture patterns and design standards, using industry references and best practices (NIST, CIS, ISO, MITRE, OWASP, etc.) addressing - what, why, how, who, when, and where

• Develop, maintain, and own cyber threat modelling framework and apply it in conjunction with the risk management framework, risk assessment, and compliance with cybersecurity policies and standards

• Ensure coverage of cyber architecture patterns and design standards, and support extends to the current IT and cyber portfolio, as a priority. In addition, based on the demand and established priority, ensure support for evolving and emerging technologies such as multi, hybrid, public, and private clouds, Gen AI, DLTs, and Quantum resistance

• Develop and maintain NFRs and provide the required cyber architecture, design, and delivery support to the strategic business initiatives to complement their business functional requirements

• Work alongside PMO, delivery and BAU teams to establish project plans with scope, dependencies, constraints, timeframe, and including established BAU acceptance criteria, for club-wide cyber initiatives funded by CS, based on priorities, funding, and resourcing, and maintain a diligent focus on execution

• Conduct regular information-sharing sessions across management teams, independent of specific project deliverables, and with a focus on cyber architecture, design, product capabilities, people skills, and process maturity to seek feedback for continuous improvement

• Strive for product integration and consolidation, with immediate tactical steps and medium to longer-term approach, whilst articulating its rationale. Ensure rigorous competitive analysis, technical evaluations, vendor stability, professional services and support capabilities

• Mentor cyber design, delivery, and operational (BAU) teams. Remain up-to-date on evolving and emerging technologies. Distill hype (snake oil) across all cyber technologies. Excel in thought leadership as well as programme, project management, and people management across cross-functional teams across the Club

About you

You should have:

• Deep expertise and knowledge of the Security Domain with 10+ years of experience

• At least 4+ years of experience leading Security Architecture for a technology-focused organization

• Degree holder or Post-Graduate qualification in IT-related disciplines

• Sound knowledge and understanding of the latest security tools, security design methodologies, architecture frameworks and security risk assessment methods

• Relevant professional certifications (such as CISSP, CISM, GSE, or other equivalent) preferred

• Ability to speak English with good communication skills. Cantonese would be an advantage

• Able to accept technical challenges involved with defining the future of security

• A passion for educating and working with diverse technical teams

• Experience in security technologies including cloud, web application security, anti-bot solutions, WAF, application layer firewalls, IDS/IPS, SIEM, stateful inspection, TCP/IP, cryptography, authentication, OAUTH2.0, PCI DSS, different web application vulnerabilities, different attack vectors, vulnerability assessment and application penetration testing

• Experience with fundamental Internet protocols: BGP, GRE, MPLS, CDN, TCP/IP, SSL/TLS, HTTP, FTP, DNS

• Broad security and technology knowledge including DevSecOps and cloud infrastructure

• Programming experience - C, C++, J2EE, .NET, Flash/Flex, Web services and website development are a strong advantage

• Knowledge of ISMS, ISO27000 series, OWASP Top 10, MITRE and other major information security frameworks

Terms of Employment

The level of appointment will be commensurate with qualification and experience.