IT Risk and Security Analyst

At Cathay Pacific, we share one common aspiration: to be the world's best airline. We believe in looking for the best in our people, in working as a team, in doing the right thing by our shareholders and our communities. With a global team, we offer a diverse range of career choices and opportunities - in the air, on the ground; in customer service, in the office; managerial or professional roles. Our team of great people each plays a key role to deliver the quality service that we are famous for.
Highlight
Reports To: IT Risk and Security Lead

- Contribute to the overall Data Governance principles and methodologies in the Cathay Pacific group of companies
- Advise business units and IT to identify risks, raise awareness and recommend pragmatic measures to reduce the risk level
- Participate in managing IT Risks
- Conduct risk assessments and participate in Security audits
- Develop IT Security policies and guidelines
- Develop security awareness material and conduct training for various target audiences
Responsibilities
- Conduct IT Risk and Security assessments to identify Security risks and follow up mitigation items.
- Provide an advisory role to IT and the Business to specify pragmatic security requirements
- Co-ordinate and follow the IT Risk Management Process.
- Maintain and update the IT Risk Register.
- Participate in Audits and advise on remediating the findings
- Participate in activities related to various compliance requirements, e.g. PCI DSS, ISO27K1, CAD, etc.
- Evaluate and perform benefit analysis of security products
- Communicate to senior management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance
- Support the development of security architecture, security policies, principles and standards
- Provide SME support in the resolution of reported security incidents and provide leadership where required
- Maintain up-to-date understanding of the latest threats, vulnerabilities, mitigation and industry best practices
- Develop Security awareness material and conduct Security awareness training for various target audiences
- Advise on exception-based security requests
- Participate in and contribute to the development and improvement of Data Governance and Data classification principles
Requirements
All of the following experience and qualifications are preferred, but not mandatory:

- Certification in information security disciplines such as CISM, CISA, CISSP, CRISC or CCSK
- University graduate in IT
- 3 years in IT Security field
- Experience with common information security management frameworks, such as ISO 27001, NIST, CobiT, ITIL, PCI
- Experience with implementation of security technologies such as DLP, SIEM, IPS, Antimalware, Vulnerability Management, Web Proxy, Advanced Threat Protection tools and technologies, PKI, and cloud security
Salary
Negotiable
Location
Validity
Expired
