IT Security Assurance Lead
Role Introduction
Report To: IT Security Assurance Senior Lead
This role is part of our Information Technology department, committed to upholding the highest standards of digital security and operational excellence.
As the Security Assurance Lead, you will be responsible for developing and managing security assessments and IT security testing to ensure that all initiatives, contracts, and applications are thoroughly evaluated for inherent risks and comply with established security standards.
With your leadership experience and technical expertise, you will guide a team to implement best practices, deliver assurance engagements, and collaborate with a diverse set of stakeholders. This role offers a dynamic environment with structured career progression and the opportunity to make a meaningful impact on our organization’s security posture.
Key Responsibilities
- Lead IT risk and security assessments across projects and business-as-usual (BAU) activities, ensuring that identified risks are properly mitigated and tracked to closure.
- Communicate residual risks, vulnerabilities, and noncompliance issues to senior management, providing clear insights into potential exposures and their business impact.
- Act as a subject matter expert in the resolution of reported security incidents, offering guidance and technical input to ensure timely and effective remediation.
- Evaluate exception-based security requests, assess associated risks, and advise business units on appropriate mitigation strategies to maintain compliance with security standards.
- Continuously monitor and stay informed of the latest cybersecurity threats, vulnerabilities, and industry best practices, proactively applying this knowledge to improve internal processes.
- Mentor and manage a team of IT Risk and Security Analysts and Security Testing professionals, fostering their development and ensuring high performance.
- Define, develop, and maintain comprehensive security frameworks, procedures, and methodologies, including those for cloud security, contractual requirements, and risk assessments, to standardize assurance practices.
- Drive efficiency in assurance activities by industrializing control assessments and adapting to changes in security standards, frameworks, and the operating environment.
- Oversee the implementation and quality of security testing across applications and infrastructure, ensuring that test documentation, execution, and results meet defined standards and stakeholder expectations.
- Manage internal and vendor testing resources, ensuring timely and effective delivery of security testing, promoting secure coding practices, and conducting training to uplift security testing capabilities across IT teams.
Requirements
- 5-7 years of hands-on experience in assurance and security testing, with a proven track record in leading small teams and delivering high-quality outcomes in complex environments.
- Demonstrated leadership capabilities, including team management and mentoring, with the ability to guide junior staff and foster a collaborative and high-performance culture.
- Possession of certifications in penetration testing disciplines such as OSCP, SANS-GWAPT, OSEP, OSWE, OSCE, or CEH, reflecting deep expertise in security assessment methodologies and ethical hacking practices.
- Advanced knowledge of security-related attacks, testing methodologies, industry standards, and assessment tools, enabling effective identification and mitigation of vulnerabilities.
- Strong background in vendor management, including oversight of third-party testing providers, ensuring quality delivery and alignment with internal security requirements.
- Solid competencies in security frameworks and technologies, including Network & Application Vulnerability Assessment, IT Risk Assessment, Penetration Testing, OWASP, NIST, OSSTMM, and OSINT, with the ability to apply these in both project and BAU contexts.
- Expert-level understanding of security solutions and tools, with the ability to evaluate, recommend, and implement technologies that enhance the organization's security posture.
- Excellent communication skills, both verbal and written, with the ability to articulate complex ideas clearly to technical and non-technical audiences, ask insightful questions, and deliver impactful presentations.
- Strong interpersonal skills with the ability to build and maintain effective relationships across teams and stakeholders, fostering trust and collaboration.
- Highly analytical and proactive mindset, with strong problem-solving and decision-making abilities, a focus on customer and end-user needs, and a willingness to embrace and drive change for positive outcomes.
Personal & Application Information
Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our personal data policy and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. All related information will be kept in our file for up to 24 months. A copy of our Personal Information Collection Statement will be provided upon request by contacting our Data Protection Officer.