Cathay Pacific: Security Analyst   

This role is available to Hong Kong residents or to those who have the right to work in Hong Kong.

Responsible for analysing Cathay Pacific’s information security environment, ensuring management awareness of the risks, and  recommending pragmatic measures to reduce the risk level.

Principal Accountabilities:

The Security Analyst is accountable to the Manager IT Security and Risk  to:

• Track and maintain security risk remediation plans with relevant parties to achieve security requirements and mitigate identified risks to an acceptable level
• Track the resolution of negative audit findings reported by internal and external audit
• Perform control and vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls, and recommends remedial action
• Report to senior management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance
• Provide an advisory role to interpret security requirements and controls as they apply to business needs
• Assist in the development of security architecture, security policies, principles and standards
• Work with the IT Security Operations to validate baseline security configurations for operating systems, applications, networking and telecommunications equipment
• Assist in compliance monitoring reviews, self-assessments and automated assessments
• Follow up on deficiencies identified in monitoring reviews to ensure that appropriate remediation steps have been taken
• Provide SME support to Incident Management Lead in the resolution of reported security incidents and provide leadership for where required
• Advise on normal and exception-based processing of security authorisation requests
• Assist in the promotion of IT risk awareness to business units
• Participate in IT projects that are related to IT risk and security
• Maintain up-to-date understanding of the latest threats, vulnerabilities, mitigation and industry best practices

 
Job Requirements :

• Minimum 5 years’ solid working experience in the IT industry, with at least 2 years in a similar role
• Tertiary education is desirable
• Certification in information security disciplines such as CISM, CISA or CISSP preferred
• Experience with common information security management frameworks, such as ISO 27001, CobiT, ITIL
• Proficiency in performing risk, business impact, control and vulnerability assessments
• Experience in developing, documenting and maintain security policies, processes and procedures
• Possess domain competencies in a number of IT-risk-related disciplines, including security, business continuity management, privacy and compliance
• Strong problem solving and analytical skills
• Good communication and interpersonal skills
• Sound knowledge and experience in IT risk and vendor management
• Knowledge on security best practices, such as PCIDSS or Secure SDLC
• Detail Oriented and Analytical

Key Relationships:

• Manager IT Security and Risk
• Account Managers
• Service Operation Manager
• Incident Management Lead
• Service Transition Manager
• Technical Support Manager/Lead
• Strategy and Planning Manager
• Enterprise Infrastructure Portfolio Manager/Lead
• Enterprise Architect
• Business Domain Architect
• Solution Architect
• Business units

 
External

• External services providers

Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our personal data policy and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. All related information will be kept in our file for up to 24 months. A copy of our Personal Information Collection Statement will be provided upon request by contacting our Data Protection Officer.

To submit your CV for this job click on the link above .