Cyber Security Architect

About Mox

Mox is built by and for the ones who aspire to live life to the fullest – we call them Generation Mox! The name Mox reflects the endless opportunities we can create, - Mobile eXperience; Money eXperience; Money X (multiplier), eXponential growth, eXploration… it’s all up for us to define together. Mox helps you grow – your money, your world, your possibilities. We equip you with the financial management tools, information and insights you need to make your dreams, big or small, come true. Everything at Mox – from our products, features, to rewards – is designed based on customer research, tailor made for your needs. We care about what customers care about, especially in data security and privacy. Data ethics is core to everyone here at Mox. Mox rewards you with an array of banking and lifestyle benefits. Together we create a new standard in banking. We are always looking for awesome people who can work with us on this adventurous journey!

What We're Looking For

We are currently looking for a Cyber Security Architect!

Responsibilities of a Cyber Security Architect

• Develop security patterns and guidelines that meet cloud security best practices.
• Provide key security input and innovation to the security direction related to the bank’s cloud strategy.
• Develop and/or carry out the strategic direction of security projects to enable execution of the information security strategy.
• Drive cyber risk reduction and remediation efforts through the collaboration with stakeholders to develop and implement strategies that align with business and security objectives.
• Provide business-facing support and build strong working relationships as a cyber security champion and trusted advisor – you will influence cyber security outcomes and work across teams to help assess, understand, and remediate gaps within code, systems, and cloud technologies.
• Provide expert technical information security consulting on multi-platform IT environments and subject matter expert advice to project teams.
• Influence the cyber security posture through direct contribution and consultation with in-flight projects.
• Plan, design, and implement Security Systems, Controls and Solutions.
• Support the delivery of security architecture services demonstrating specialisation in cloud security.
• Review the current system security measures/design and support enhancement implementation from an architecture perspective.
• Promote the security architecture process, outcomes and value proposition to the bank.
• Maintain and apply security architectural knowledge and investigate and recommend improvement opportunities.
• Actively and proactively contribute and provide support to other key domains and functions within the Cyber and Digital Trust Team.
• Lead threat modelling exercises.
• Perform security and cyber risk assessments.
• Assess, harden, and help improve baseline cyber security controls through performing reviews, identifying opportunities, and presenting enhancements to management.
• Provide hands-on support with performing ad-hoc implementations and maintenance of cyber security controls across several technologies and security tools including EDR, SIEM, Cloud Proxy, and Communication Gateways.
• Maintain up-to-date knowledge on cloud security, latest attacks and trends, vulnerabilities, mitigation strategies, and industry best practices and regulations.

Requirements

Your experience is ideally supported by one or more of the following qualifications:

• 7+ Years’ experience in technology/IT/security related positions. Ideally, your experience will include time as an individual contributor, hands-on consulting, or advisory capacity. Your experience should include:
  • Extensive experience in information security and/or IT risk management with a focus on security, performance and reliability.
  • Experience working with digital businesses, AWS cloud technologies and environments embracing agile WoW and DevOps tooling.
  • Demonstrable understanding or experience deploying cloud-based solutions to Amazon Web Services utilising known good practice for security, resilience and recovery.
  • Solid understanding of security protocols, cryptography, PKI and Cas, authentication, authorisation and security.
  • Demonstrated experience at delivering innovative architecture to strategic programs.
  • Experience implementing multi-factor authentication, single sign-on, identity management or related technologies.
  • Good working knowledge of current IT risks and experience implementing security solutions.
  • Ability to interact with a broad cross-section of personnel to explain and enforce security measures.
  • Working knowledge of industry good practise such as OWASP, PCI DSS, ISO27001/2, NIST CSF, SWIFT CSP.
  • Banking/Financial experience desirable.
  • Familiar with HKMA regulations.
  • Excellent written and verbal communication skills as well as business acumen and a commercial outlook.
• Highly desirable industry certifications, including but not limited to those issued by SANS/ISC2/ISACA: CISSP, CISM, CISA, CRISC, CGEIT, CCSP or GIAC.
• Architecture certifications such as TOGAF, SABSA is desirable.
• Participation in relevant Cyber Security industry forums is desirable.

Key skills/competency

• Cloud Security
• AWS
• Security Architecture
• Risk Management
• Threat Modeling
• Information Security
• Security Controls
• Identity Management
• Cryptography
• DevOps Security