Assistant Vice President - Information Security - LME

Location:

CN-Shenzhen-HyQ

Shift:

Standard - 40 Hours (China)

Scheduled Weekly Hours:

40

Worker Type:

Permanent

Job Summary:

As an AVP-level Security Engineer within Information Security, you will lead the delivery and continuous improvement of security tooling and automation capabilities across the organisation. The role focuses on implementing and maturing Data Loss Prevention (DLP), Privileged Access Management (PAM) and secure administrative access (including SSH controls), with strong emphasis on integration, automation, operational readiness and measurable risk reduction. You will act as a technical subject-matter expert, driving the roadmap, partnering with Threat Detection and Engineering teams to operationalise alerting and response playbooks, and ensuring controls are implemented in line with policy, audit and regulatory expectations.

Job Duties:

RESPONSIBILITIES:DLP (Data Loss Prevention)

• Own and drive the DLP capability roadmap, consolidating and integrating existing DLP controls and tools into a coherent operating model.
• Define DLP detection coverage, data classification alignment, and success metrics; continuously tune controls to reduce false positives/negatives.
• Collect, normalise and analyse DLP indicators across multiple sources; identify trends, patterns and control gaps, and recommend remediation.
• Partner with Threat Detection to implement alerting standards, triage playbooks and escalation paths for DLP events.

PAM (Privileged Access Management)

• Lead enhancements to PAM capabilities (e.g., onboarding privileged accounts, policy hardening, session monitoring) and ensure adoption across critical platforms.
• Design and implement User/Entity Behaviour Analytics (UEBA) use cases for privileged activity, aligned to threat models and operational monitoring.
• Work with infrastructure and application owners to define standards for privileged access, break-glass procedures and least-privilege enforcement.

Secure Administrative Access (SSH) Controls

• Deliver secure SSH key management integrated with PAM controls, including rotation, vaulting and access governance.
• Implement Just-in-Time (JIT) access, privileged session management and audit/compliance controls for SSH administration.
• Establish engineering patterns and guidance for secure remote administration across Linux estates and container platforms.

Tooling Integration, Automation & Operational Readiness

• Design and implement integrations via vendor APIs to enable automation, data enrichment and improved end-to-end visibility.
• Build automation for data collection, correlation and reporting using Python and APIs; improve repeatability, resilience and operational efficiency.
• Ensure production readiness: monitoring, logging, documentation, runbooks, support procedures and service transition for security tooling.
• Support incident response by providing deep technical analysis, contributing to investigations and driving post-incident improvements.

Governance, Documentation & Stakeholder Management

• Maintain accurate, audit-ready technical documentation, control evidence and implementation standards for DLP/PAM/SSH controls.
• Communicate progress, risks and dependencies clearly to stakeholders; coordinate delivery across InfoSec, Threat Detection and Engineering teams.
• Contribute to security assessments and control design to ensure alignment with policy, regulatory requirements and best practice.

REQUIREMENTS:Academic and Professional Qualifications

• Bachelor’s degree in Information Security, Computer Science or related discipline (or equivalent experience).
• Desirable: security certifications such as CISSP/CISM, GIAC, CCSP, or vendor certifications relevant to DLP/PAM/SIEM.

Required Knowledge and Experience

• Typically 8+ years in security engineering, security operations, or infrastructure security with demonstrable ownership of security tooling delivery.
• Hands-on experience implementing and operating DLP and/or PAM solutions (CyberArk experience strongly preferred).
• Practical experience with privileged session monitoring, access governance, and administrative access control patterns.
• Strong experience integrating platforms using vendor APIs; ability to design data flows for security telemetry and reporting.
• Strong scripting/automation skills (Python preferred) and familiarity with CI/CD practices for repeatable deployments.
• Solid understanding of Linux administration and SSH security best practices; container knowledge (Docker/Kubernetes) is beneficial.
• Experience partnering with detection/monitoring teams to build alerting, triage and response playbooks; familiarity with UEBA concepts is advantageous.

Company Introduction:

ITD SZ

港交所科技（深圳）有限公司，是2016年12月28日于深圳市前海自贸区成立的外商独资企业。

作为港交所的技术子公司，港交所科技（深圳）有限公司主要是为集团及其附属公司提供计算机软件、计算机硬件、信息系统、云存储、云计算、物联网和计算机网络的开发、技术服务、技术咨询、技术转让；经济信息咨询、企业管理咨询、商务信息咨询、商业信息咨询、信息系统设计、集成、运行维护；数据库管理、大数据分析；以承接服务外包方式提供系统应用管理和维护、信息技术支持管理、数据处理等信息技术和业务流程外包服务。