RoleSenior IT Information Security Lead
LocationHong Kong
Who we areCorporate & IT
At ELEVATE, we offer a unique and impactful career journey designed to empower our teams to influence change. Join our team for a truly international experience. With 24+ offices globally (and still growing), you will have exposure to real issues that span the globe. Fasten your seatbelt for an energetic and dynamic experience where you will have exposure to and support our global best-in-class team across 100 countries from Finance to HR to IT. In line with ELEVATE’s mission to use business and innovation to be a drive transformational change, this is your opportunity to lead the operations of an organization that is a driver of meaningful and lasting impact that effectively improves people’s lives and preserves our planet. Our Corporate and IT departments are an essential part of our operations and play a strategic role in delivering our business goals.
Job overview at a glance
ELEVATE is seeking an experienced IT Information Security Lead. This is a vital role in leading ELEVATE’s posture around IT Security and infrastructure management covering such aspects as Information Risk Management (IRM), Cybersecurity Incident and impact assessment, understanding these risks in context of the IT control environments and covering all related applications and platforms. This role will evaluate and establish scalable infrastructure and appropriate security controls for ELEVATE’s enterprise applications which will transform the way brands and retailers assess their supply chains and drive improvements.
Who you areAre you thrilled by the idea of working in a business that aims tackle the world’s biggest challenges? Do you want to work:
- environmental, social and governance issues
- with an amazing team of like-minded creative thinkers
- in a fast-paced dynamic environment
- for some of the biggest and most forward-looking brands in the world
Responsibilities
- Develop technical requirements, policies, procedures and controls for network, system and data security
- Provide technical guidance to application teams and implement the necessary security configurations related to the infrastructure and applications
- Define appropriate framework for cybersecurity monitoring and implement cybersecurity control mechanisms which are consistent with ELEVATE strategy
- Manage end-to-end project management from initiation to deployment and rollout as well as post-implementation on Information Security including establishment of policies, the deployment of Security Controls & Framework, DevSecOps best practices, etc.
- Ensure appropriate network, infrastructure and application security hardening and resiliency – especially in the context of cloud hosted applications or platforms (e.g. AWS, Office 365, etc.)
- Manage information system security operations, including implementation of general IT risk and control mechanisms
- Detect, identify and monitor security vulnerabilities and make recommendations on remediation actions
- Act as a focal point for internal/external audit around technology risk and information security matters
- Lead IT projects that cover IT Security
- Manage and oversee the Office 365 platform from a security policy and security controls perspective.
- Lead and/or support company wide initiatives around security assessments, penetration testing, mock-phishing, end user information security education, etc. to ensure a strong security posture
- Implement best practices around security and help with security “hygiene” aspects incl. monitoring, log reviews, SDLC/code compliance against OWASP Top 10, etc.
- Lead incident investigations, reporting and remediation actions
- Other duties as assigned
Requirement and Qualifications
- At least 5 years working experience on IT Information Security such as Application Security, and security architecture
- Knowledge of enterprise infrastructure, AD, Group Policy, Office 365, Identity and Access Management, Windows, Linux, VMware, cloud services such as AWS and GCP.
- Strong understanding of Application Design including web, mobile and backend platforms, Cloud Security, TCP/IP, system and network fundamentals.
- Experience with Atlassian suite of tools: JIRA, Confluence, BitBucket
- Understanding of system monitoring and application logging solutions (SumoLogic, New Relic, Nagios, Graphite, Grafana, Logstash, InfluxDB, Solarwinds)
- Knowledge of common information security management frameworks, including but not limited to: ISF, ISO 27000, ITIL, COBIT and NIST is desired.
- Professional security management certification, such as a CISSP, CISM, CEH is desirable
- Professional certification on Penetration Testing such as OSCP/E, GWAPT, GPEN, or GXPN certification(s) or other similar credentials will be an added advantage.
- Holder of professional qualification(s) any of Project Management, Security, Cloud, Linux, or MS certifications is advantageous
- Good problem-solving skill for handling complex issues
- Strong written and oral communication skills including the ability to communicate complex issues to technical and non-technical staff and management.
- Good leadership and communication skills, team player with multi-tasking capabilities
- Highly motivated team player with excellent analytical, written, verbal communications and presentation skills is required.
Equal Opportunity Employer
ELEVATE is committed to creating a diverse and inclusive workplace and is proud to be an Equal Opportunity Employer. All qualified applicants will be considered without regard to race, color, religion, gender, gender identity, sexual orientation, national origin, genetics, disability, age, veteran status, or any other status protected by local law. Personal data provided by applicants will be treated as confidential information and will be used exclusively for employment purposes only. Only short-listed candidates will be notified. Applicants who are not invited for an interview may consider their applications filed for future reference.To learn more about career opportunities at ELEVATE, please visit our Careers Page here: https://www.elevatelimited.com/careers/