Associate - Information Security Governance - IT

Hong Kong Exchanges and Clearing Limited - Hong Kong - Full time

Salary: Competitive

Company Introduction:

We're home to Asia's most dynamic and vibrant capital markets.
Connecting capital, ideas, inspiration and innovation for deeper, more diverse and liquid global capital markets; providing greater choice and opportunity for our customers, each and every day.

HKEX is a purpose-driven company. Our commitment to the long-term development of our business and our markets is articulated in our purpose: "To Connect, Promote and Progress our Markets and the Communities they support for the prosperity of all."

Job Summary:
The Associate, Information Security Governance supports the establishment, operation, and continuous improvement of HKEX's information security processes. The role is responsible for reviewing, documenting and implementing security processes, and for supporting broader security risk management activities. A core focus is to define and maintain clear, actionable documentation so security tools and controls are managed consistently and effectively. The role also contributes to process improvement and innovation initiatives, including the responsible adoption of AI to enhance the efficiency and effectiveness of security controls. This role offers hands-on experience for aspiring risk professionals who want to build a career in security risk management.

Job Duties:

Job Responsibilities:

1. Security Process & Procedure Governance
  • Review, draft and implement processes and procedures related to the management and operation of security tools (e.g. DLP, SIEM, IAM, endpoint protection, cloud security).
  • Assist in establishing a framework and provide guidance to multiple security functions to document and maintain standard operating procedures (SOPs), workflows, and control descriptions to enable consistent execution by support and operations teams.
  • Ensure documentation is clear, actionable, version-controlled, and aligned with security policies and standards.
  • Periodically review and validate that documented procedures are properly executed, highlighting gaps or deviations and tracking remediation actions.
2. Control Assurance & Operational Oversight
  • Support security control monitoring activities, such as verifying access reviews, configuration standards, alert handling, and exception management.
  • Assist in operational control validation to confirm security controls function as designed.
  • Track control issues, findings, and improvement actions; facilitate closure in collaboration with relevant IT teams.
3. Risk Metrics, Reporting & Automation
  • Support the collection of Key Risk Indicators (KRIs) data and operational security metrics.
  • Develop and maintain automated reporting, dashboards, and data visualisations to provide meaningful insights into control effectiveness, risk trends, and operational performance.
  • Help standardise reporting formats for management, governance forums, and stakeholders.
  • Identify opportunities to reduce manual reporting effort through automation and data integration.
4. Additional Responsibilities
  • Support the maintenance of security policies, standards, and control frameworks.
  • Assist in risk assessments, tracking of risk treatment actions, and follow-up with responsible teams.
  • Keep up to date with security governance best practices and contribute ideas for continuous improvement.
  • Participate in security governance meetings, working groups, and improvement initiatives as required.
Required Qualifications & Skills:

Qualifications
  • Degree or diploma in Information Security, Information Technology, Computer Science, or a related discipline (or equivalent experience).
Technical & Professional Skills
  • Basic understanding of information security governance, risk, and control concepts.
  • Minimum 3 years of relevant experience in IT, information security, technology risk, compliance, or IT audit functions, preferably within financial services or a regulated environment. IT audit experience preferably from a reputable audit firm.
  • Familiarity with security tools and operational security processes is an advantage.
  • Experience in process documentation, controls, audits, or compliance.
  • Ability to analyse processes and identify gaps or improvement opportunities.
Soft Skills
  • Detail-oriented with a structured and methodical approach.
  • Able to work collaboratively with technical and non-technical stakeholders.
  • Willingness to learn, adapt, and take ownership of assigned tasks.
HKEX is committed to being an Equal Opportunity Employer. Diversity is one of our core values, and we look to support and respect diverse perspectives, abilities, cultures and experiences within our workplace.

Location:
HKEX - TKO

Shift:
N/A

Scheduled Weekly Hours:
40

Worker Type:
Permanent
24227358