Vice President / Assistant Vice President, Information Security
Shanghai Commercial Bank Ltd
Responsibilities:
Lead the security governance of AI-powered applications, including LLM orchestration, RAG pipelines, and MCP integrations, with focus on adversarial resilience, prompt injection defense, and data leakage prevention.
Oversee secure configuration and management of cloud infrastructure and containerized environments (Docker, Kubernetes), ensuring compliance with HKMA, C-RAF, iCAST, and other regulatory requirements.
Implement and refine zero-trust architecture across AI workloads, cloud platforms, and enterprise systems.
Manage and optimize key security technologies including Firewalls, IPS, IDS, WAF, SIEM, XDR, SOAR, and database security solutions.
Perform comprehensive risk assessments and oversee compliance to safeguard the Bank’s digital assets.
Conduct security testing and assessments against the Bank’s standard procedures and regulatory frameworks.
Develop internal security guidelines to secure AI adoption.
Collaborate with risk and compliance teams to operationalize AI security policies and frameworks.
Requirements:
Degree holder in Computer Science, Information Systems, or related disciplines.
Minimum 10 years of experience in information security, technology risk, or IT risk assessment, ideally within banking, financial services, or regulated environments.
Extensive hands-on experience in AI/ML application security, AI governance, or secure orchestration frameworks (LangChain, LangGraph).
Relevant professional qualifications (e.g., CISSP, CISM, CISA) preferred; familiarity with emerging AI security certifications is an advantage.
Strong expertise in IT general controls, application controls, cybersecurity, cloud technologies, and SDLC (Agile/DevOps).
Experience with containerization (Docker/Kubernetes) and cloud platforms (AWS/Azure).
Good project management, problem-solving and leadership skills.
Familiarity with HKMA TM-E-1, TM-C-1, TM-G-1, C-RAF, PCI-DSS, SWIFT CSP, PDPO, NIST, MITRE ATT&CK, OWASP.