Job ref no.: CSA/CT (CT3128746-01#0013)
CK Hutchison Holdings Limited

Group Cyber Security Architect

CK Hutchison Holdings Limited

The Group Information Services Department (GISD), located in Hunghom, strives to serve the IT needs of Head Office and is responsible for co-ordinating IT related services within the CK Hutchison Group. We are looking for a cyber security professional to define and assess the organization's security roadmap, architectures and practices. The Group Cyber Security Architect will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services.


  • Define and review security roadmaps based on the cyber security strategies and sound enterprise architecture practices
  • Develop and maintain security architecture processes that enable the Group to develop and implement security solutions and capabilities that align with business, technology and threat drivers
  • Develop and maintain security architecture artefacts (e.g. reference architectures, principles, models, templates, standards and procedures) that can be leveraged by projects and operations across the Group
  • Lead development and management of the Groups security architecture practice
  • Lead design and architecture development activities for cyber security projects
  • Track changes in the technology and threat environments to ensure that they're adequately addressed in security strategy plans and architecture artefacts
  • Provide security advice to application, infrastructure and security projects, including defining business requirements and input into planning of projects
  • Conduct or facilitate threat modelling of applications and services, and their associated information and data
  • Educate teams on secure coding practices, and escalate concerns related to poor coding practices to the team lead
  • Validate business, application, IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks
  • Review security technologies, tools and services, and make recommendations to the broader security team for their use, based on security, financial and operational metrics
  • Liaise with other security architects and security practitioners to share best practices and insights
  • Liaise with the business continuity management (BCM) teams to provide input into business continuity plans
  • Support the testing and validation of internal security controls, as directed by the team lead or the internal audit team
  • Understand, communicate and apply information security controls to address internal and external compliance requirements
  • Conduct research to evaluate new emerging technologies and maintain an up-to-date understanding of the latest threats, vulnerabilities, mitigation strategies, industry best practices, regulations and assist in benchmarking risk management practices against other companies
  • Mentor, coach and develop other staff members


  • Bachelor’s or master’s degree in computer science, information systems, cyber security or a related field
  • Relevant professional qualifications such as CISSP, SABSA, TOGAF, CISM, CCSP, GIAC, etc.
  • At least 15 years of relevant experience in IT with at least 10 years work experience in the information security field
  • Experience in developing enterprise security architecture blueprints (particularly in a complex organisation) and applying architecture methodologies such as SABSA, TOGAF or Zachman
  • Knowledge of ISMS, ISO27000 series, NIST and other major cyber security frameworks
  • Possess domain competencies in a number of information risk related disciplines, including security architecture, security operations, application security, infrastructure security, risk management, vulnerability management, BCM, or privacy and compliance
  • Experience designing, developing and implementing a Security Operations Centre or Computer Emergency Response Team
  • Experience and working knowledge of methodologies to conduct threat modelling exercises
  • Strong working knowledge of IT service management related disciplines
  • Good strategic planning, problem solving and analytical skills, and workshop facilitation skills
  • Ability to learn new concepts quickly to keep up with new emerging technology
  • Strong communication, people management and interpersonal skills
  • Experience implementing solutions for any of the following capabilities a plus:
  • Identity and Access Management
  • Governance, Risk and Compliance
  • Web Filtering
  • Security Incident and Event Management
  • Endpoint Protection
  • Data Loss Prevention
  • Mobile Security
  • Cloud Security
  • Encryption

Salary and benefits will commensurate with experience and competence. Please forward detailed resume with indication of expected salary quoting our reference to [via CTgoodjobs Apply Now ]

We are an equal opportunity employer and welcome applications from all qualified candidates. Personal data collected will be treated in the strictest confidence and handled confidentially by authorised personnel for recruitment-related purposes only within the CK Hutchison Group of companies.

Applicants not having heard from us within six weeks of the date of application may consider their applications unsuccessful. The personal data of unsuccessful applicants will be destroyed after the recruitment exercise pursuant to the requirements of the Personal Data (Privacy) Ordinance in Hong Kong. 

More job information
Job ref no. CSA/CT (CT3128746-01#0013)
Job Function
  • Hunghom
Employment Term
  • Full-time
  • 10 years - 15 years
Career Level
  • Middle management level
  • Degree