
Senior Project Manager - AVP - Information Security - IT
Job Description
Company Introduction:
We’re home to Asia's most dynamic and vibrant capital markets.
Connecting capital, ideas, inspiration and innovation for deeper, more diverse and liquid global capital markets; providing greater choice and opportunity for our customers, each and every day.
HKEX is a purpose-driven company. Our commitment to the long-term development of our business and our markets is articulated in our purpose: "To Connect, Promote and Progress our Markets and the Communities they support for the prosperity of all."
Job Summary:
The AVP, Senior Project Manager – Information Security is a key strategic role responsible for delivering end-to-end security initiatives and programs across the organization, ensuring alignment with enterprise security standards, regulatory requirements, and project governance frameworks. This position focuses on driving secure project execution, risk mitigation, and stakeholder alignment within complex IT and security environments. It also requires strict adherence to organizational processes and controls, including procurement, financial governance, and project reporting requirements.Job Duties:
Job Responsibilities:
Delivery of projects within scope, time, and budget
Compliance with security and regulatory requirements
Effective risk mitigation and issue resolution
Stakeholder satisfaction and business alignment
1. Project Delivery & Governance
Lead full project lifecycle delivery (planning, initiation, design, build, implementation, closure) in accordance with the Project Management Framework (PMF).
Establish and manage project governance structures (Project Sterring Committee (PSC), Project Management Team (PMT), Project Working Team (PWT)) and reporting cadence.
Develop and maintain key project artifacts (Project Initiation Document (PID), project schedule, risk register, status reports, closure reports).
Ensure adherence to change control, milestone reviews, and approval processes.
2. Security Program & Controls Implementation
Drive implementation of IT Security Management Framework (SMF) controls across projects, e.g., Software Development Life Cycle (SDLC).
Ensure security requirements are embedded across system lifecycle (design, development, testing, deployment).
Lead security-related initiatives including:
Access control and identity management
Infrastructure and network security
Security monitoring and incident readiness
Data protection, encryption, and compliance
Ensure alignment with standards such as ISO 27001, NIST, and internal policies.
3. Project Risk & Compliance Management
Identify, assess, and manage project and security risks through formal risk registers and assessments.
Drive mitigation strategies for technology, operational, and security risks.
Ensure compliance with internal security policies, audit requirements, and regulatory obligations.
Coordinate project specific security reviews, vulnerability assessments, and audits.
4. Project Stakeholder & Vendor Management
Engage senior stakeholders including business owners, IT leadership, and security teams.
Provide regular reporting on progress, risks, budget, and issues to governance bodies.
Manage external vendors and service providers, ensuring delivery against SLAs and contractual requirements.
Facilitate cross-functional collaboration across IT, security, and business teams.
5. Project Resource & Financial Management
Manage project budgets, forecasts, and expenditure tracking.
Plan and allocate project resources effectively across teams.
Ensure projects are delivered within scope, time, and budget constraints.
Job Qualifications:
Education
Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, Information Systems, or Business Administration related.
A Master’s degree (e.g., MBA, MSc in Cybersecurity, or Information Systems) is preferred and considered an advantage.
Experience
- 8–12+ years of IT project management experience, with strong exposure to cybersecurity / security services.
- Proven track record delivering large-scale, complex IT/security programs.
- Experience in regulated environments (e.g., financial services) preferred.
Technical & Domain Knowledge
Solid understanding of:
IT Security frameworks (ISO 27001, NIST, CIS, etc.)
Security domains (IAM, network security, endpoint security, cloud security, SIEM, vulnerability management)
SDLC and secure system development
Familiar with enterprise security controls and governance models.
Project Management Skills
Strong knowledge of structured PM methodologies (PMF, SDLC, waterfall; agile exposure is a plus).
Expertise in:
Risk management
Change management
Budget & resource management
Stakeholder communication
Certifications (Preferred)
- PMP / PRINCE2
- CISSP / CISM / CISA (or equivalent security certification)
Key Competencies
Leadership and stakeholder influence
Strong analytical and problem-solving skills
Excellent communication and executive reporting
Risk-aware mindset with attention to detail
Ability to operate under pressure and manage competing priorities
HKEX is committed as an Equal Opportunity Employer. Diversity is one of our core values and we look to support, respect diverse perspectives, abilities, culture and experiences within our workplace.
Location:
HKEX - TKOShift:
Standard - 40 Hours (Hong Kong SAR)Scheduled Weekly Hours:
40Worker Type:
Permanent