Head of IT Security

ABOUT ADX (Asia Digital Exchange)

Asia Digital Exchange (ADX) envisions to become a regulated market infrastructure in Asia to offer a fully integrated end to end trading, settlement and custody service for digital assets. The joint venture between SIX Digital Exchange ("SDX") and SBI Digital Asset Holdings Co., Ltd. will provide a safe environment to issue, trade and custodies digital assets as well as enable the tokenization of existing securities and non-bankable assets to make previously untradeable assets tradeable.

ADX, planned to be live in 2022, is set to directly target the growing demand for public and private institutional digital assets, including regulated digital asset securities and cryptocurrency assets. It will leverage the extensive networks of SIX Digital Exchange in Switzerland and Europe, and SBI in the Asian Marketplace, as well as their joint expertise in facilitating Institutional clients’ needs.

POSITION SUMMARY

Reporting to the CTO, you will be responsible to manage the IT Security team to design, build and manage core IT Security infrastructure and services for ADX’s core business, starting with crypto exchange, settlement and custody. You shall be passionate about Blockchain, Securities Trading and Digital Assets, and understand the strategic business needs and plans for growth of the IT Security ecosystem to support these needs. You shall build a secure and cost-effective platform.

You shall have excellent organisational and leadership skills and possess the capability to function in a complex and dynamic environment.

DUTIES/RESPONSIBILITIES

• Lead and drive the IT Security architecture and platforms to meet organisation goals with qualities of high availability, high scalability, high performance and compliance in the technical design. These include access control solutions, blockchain and wallet security, virtual private network (VPN), identity and access management platforms, data protection technologies, anti-malware, vulnerability management, security monitoring and compliance tools.

• Act as an agent of change along with CTO in deploying transformational technology capabilities while introducing and establishing DevOps and other engineering best practices in the organisation.

• Develop and maintain enterprise IT security policies, standards, methodologies and best practices for security management.

• Conduct regular security analysis such as penetration test and platform vulnerability scanning to prevent cyber attacks.

• Perform security review of the whole IT Security environment including servers and networks to ensure compliance with MAS Technology Risk Management (TRM) guidelines.

• Prepare SOPs to address cyber incidents and lead in the remediation efforts.

• Collaborate, build and operate the DevOps infrastructure with the Applications and IT Infrastructure Services teams to define, implement and operate the continuous integration/continuous delivery (CI/CD) environment that leverages DevSecOps principles, process and tools.

• Identify and implement new security technologies and best practices into Cloud offerings.

• Develop/implement automated systems to help spot known crypto security exposures.

• Stay current on the latest cyber threats and vulnerabilities to ensure the cyber security architecture and defences are up to date.

• Lead and mentor the SOC team comprising a team of IT Security engineers. Manage the team’s performance, schedule assignments and training for development of staff.

• Manage vendor relationships and deliverables.
  

QUALIFICATIONS

Education

• Tertiary Education in Engineering or Computer Science.

Experience

• At least 8 years of practical experience in planning, design and operating IT Security systems including some practical experience in cyber security and risks.

• Experience with AWS IAM, CloudTrail, GuardDuty, WAF, etc would be a plus.

• Experience in the operation mode of a digital exchange. Experience in securities exchange, derivatives trading, cryptocurrencies and blockchain would be an added advantage.

Skills

• Strong understanding of defence in depth methodologies (cloud security).

• Possess strong technical skills in Linux, Windows operating systems and Active Directory, and AWS cloud ecosystem

• Possess relevant certifications in cloud, networking or cyber security, e.g. AWS, CISSP, CISM preferred

• Knowledge of DevOps techniques, Agile practices and experiences in cryptocurrencies and blockchain is an advantage.

• Provide guidance related to securing interactions between the core cloud platform and various blockchain technologies.

• Excellent innovative thinking and sensitive to user experience.

• Familiar with microservice architecture and technology framework and understand microservice design concepts.

• Strong analysis and communication management.

• Leadership mindset and capabilities, with the ability to effectively lead and collaborate across all departments.

• A team player who is result-oriented and diligent, and able to communicate and collaborate across all levels, enjoy hands-on technical work.