瀚亞證券投資信託股份有限公司

1.全球股債匯市場投資研究 2.全委/類全委投資帳戶之投資管理 3.各項專案規劃與執行 4.協助業務/行銷/產品部門之帳戶投資相關需求

The Senior Application Engineer Lead will be responsible for designing, implementing, and maintaining the company's applications to ensure stable operation and high performance. This position requires leading the application development team, resolving complex technical issues, and driving technological innovation. 1. Software development, modelling, simulation, testing, and quality assurance. 2. Analysis of user requirements, software, and code. 3. Perform maintenance and software integrations for existing systems. 4. Design and implement application systems. 5. Collaborate with Business Analysts, Project Leads, and the IT team to resolve issues and ensure solutions are viable and consistent. 6. Lead system upgrades and the implementation of new technologies. 7. Monitor and optimize application performance to ensure high availability and reliability. 8. Resolve complex technical issues and provide advanced technical support. 9. Mentor and train Junior Application Engineers. 10. Follow group and regulatory IT security and infrastructure policies, procedures, and standards to reduce cyber risks to acceptable levels. 11. Consult the information security team before adopting any non-standard or not pre-approved (by Prudential group or Eastspring) open-source code or library for security risk assessment. 12. Complete yearly secure code warrior training and pass the test within the defined time window set by the information security team. 13. Implement security fixes to the application as identified by the information security team either during the build phase or running phase, within the timeframe according to the security risk severity. 14. Follow Prudential/Eastspring defined security policies, standards, and procedures in the development life cycle, accessing non-production environments (development, SIT, UAT, staging, DR), and accessing the production environment. This may include but is not limited to: the onboarding of PID to CyberArk, use of CyberArk to access servers/databases, production data masking/encryption when used in non-production environments, and following Eastspring IAM control assurance guidelines for authentication/authorization in application development.

1. Design and implement infrastructure systems. 2. Lead system upgrades and the implementation of new technologies. 3. Monitor and optimize system performance to ensure high availability and reliability. 4. Resolve complex technical issues and provide advanced technical support. 5. Mentor and train Junior Infrastructure Engineers. 6. Follow group and regulatory IT security and infrastructure policies, procedures, and standards to reduce cyber risks to acceptable levels. 7. Maintain up-to-date IT inventory and infrastructure diagrams (network diagrams) to ensure proper execution of IT controls (e.g., technology lifecycle refreshing) and information security controls (e.g., vulnerability scanning). 8. Implement and maintain security controls on systems (user endpoints, servers, appliances) and networks (routers, switches, firewalls, load balancers, F5, etc.) under the support scope according to Prudential group information security policies and standards, including but not limited to: (1) Security hardening of systems according to group technology security standards. (2) Security patching of systems according to defined Prudential group patching standards and GwISP vulnerability scanning results. (3) Deployment and support in troubleshooting of security agents such as DLP (Forcepoint), Splunk, EDR (Cybereason, Darktrace), etc. (4) Implementation of security rules (such as proxy whitelist, USB read/write access, antivirus scanning exceptions, or firewall rules) or access rights upon approval by the information security manager and/or defined approvers in IAMPru. (5) Support the information security manager in fixing deviations from security standards identified from monthly infosec dashboards, various types of security scanning (vulnerability scanning, compliance scanning, penetration testing, weekly external web scanning, etc.), and complete within the defined timeline set by Prudential group and Eastspring. (6) Identify and onboard privilege IDs of infrastructure components onto CyberArk and responsibly use PIDs according to Prudential group and Eastspring information security policies/standards. (7) Report deviations from information security policies and standards, malicious activities, or potential security incidents to the information security manager for proper handling advice.

We are seeking a highly skilled and proactive Information Security Manager to join our team. The successful candidate will play a crucial role in Eastspring Regional team ensuring the security and compliance of project / application implementation, with a particular focus on Cloud services and technologies for all business units. •Conduct security-by-design reviews on new programs, initiatives, projects, Cloud services and technologies regionally (in-house development, Commercial Off-The-Shelf, SaaS), ensuring sufficient documentation for compliance / audit. •Collaborate with Group and Regional information security teams, as well as business stakeholders, to ensure project implementation aligns with security controls in accordance with policies, standards, guidelines, and regulations. •Take part in the security architecture blueprint and design review process for the Cloud hosted solutions. •Ensure critical vulnerabilities are tracked and remediated prior to application go-live. •Analyse, review, and approve non-standard software/technology implementations regionally. •Perform ad-hoc and periodic reviews of Proxy/Network/Firewall requests, designs, and configurations in Eastspring. •Provides advisory and consultation to business units, business owners, and project teams for any Cloud Security related matters. •Create a culture of security-by-design awareness by conducting related training for LBUs and other relevant stakeholders. •Create, maintain, and update relevant security policies, standards, and operating procedures for Eastspring. •Support the team leader with any assigned security operation tasks related to Identity Access Management, endpoint security, network security, data protection, DLP, VAPT, security alerts, and incidents.

1. Ensure that company policies are in compliance to local privacy laws and group policies 2. Serve as the main point of contact within Eastspring and group on issues related to data privacy 3. Establish new and amend existing data privacy policies, guidelines and procedures, in consultation with stakeholders 4. Lead and/or participate in response to data privacy incidents 5. Performs data privacy self-assessments to identify areas of concern and remediate 6. Manage data privacy impact lifecycle (i.e. cross border data transfer) 7. Devise training across Eastspring staff who are involved in data handling and processing 8. Promote a culture of data privacy and compliance across Eastspring

Eastspring Taiwan 的 IT 團隊開始年度實習生招募。 我們正在尋找對 IT 充滿熱情、渴望了解台灣共同基金行業的候選人加入我們經驗豐富的團隊。這是一個有薪實習，將由你協助撰寫和實際運用軟體，想獲得實際操作經驗的難得機會，立即申請，開啟你在 Eastspring 的職業生涯！ 1.撰寫網頁爬蟲程式並自動化執行。 2.優化 Power Apps 和 Power Automate 簽核流程。 3.熟悉 API 相關知識。 4.使用 Python 自動化清理報表並比對財報。 5.使用 Python 撰寫自動化寄信系統。 6.熟悉 SQL 語言，有管理資料庫經驗者佳。 以上技能不需全部具備，擁有學習熱忱才是重點。 非資工/資管領域，有程式語言基礎和相關經驗者也可嘗試。