
IT Security Assurance Lead (Assessment)

Cathay Pacific
Digital and IT
Information Technology Department
Full-time
Hong Kong SAR (China)
Application deadline: 13 October 2025

Role Introduction

Report To: IT Security Assurance Senior Lead

This role is part of our Information Technology department, committed to upholding the highest standards of digital security and operational excellence.

As the Security Assurance Lead, you will be responsible for developing and managing security assessments and IT security testing to ensure that all initiatives, contracts, and applications are thoroughly evaluated for inherent risks and comply with established security standards.

With your leadership experience and technical expertise, you will guide a team to implement best practices, deliver assurance engagements, and collaborate with a diverse set of stakeholders. This role offers a dynamic environment with structured career progression and the opportunity to make a meaningful impact on our organization’s security posture.

Key Responsibilities

  • Lead IT Risk and Security assessments and ensure mitigation items are tracked and addressed, maintaining oversight of risk posture across projects and operations
  • Communicate residual risks, vulnerabilities, and security exposures—including misuse of information assets and noncompliance—to senior management, enabling informed decision-making and prioritization
  • Provide subject matter expertise in resolving reported security incidents, offering guidance and technical input to ensure timely and effective remediation
  • Evaluate risks and threats associated with exception-based security requests, advising business units on appropriate mitigation strategies to balance operational needs and security requirements
  • Proactively maintain up-to-date understanding of the latest threats, vulnerabilities, mitigation techniques, and industry best practices to ensure the organization’s security posture remains resilient and adaptive
  • Mentor and manage team members, fostering professional development, accountability, and alignment with security objectives and organizational goals
  • Develop security frameworks for IT Risk and Security Analysts, including cloud security assessments, contractual requirements, and risk assessment methodologies, to standardize and strengthen assurance practices
  • Define and maintain assessment and testing procedures, guidelines, and frameworks, while driving efficiencies by industrializing control assessments and adapting to changes in security standards and operating environments
  • Oversee vendor management and testing tools, ensuring quality delivery, alignment with security requirements, and effective use of resources across multiple projects and BAU activities
  • Empower the security testing discipline by implementing robust frameworks and processes, managing test execution quality, coordinating internal and vendor resources, promoting secure coding practices, and conducting training to elevate security assurance across the organization

Requirements

  • 5-7 years’ relevant experience in the Assurance and Testing area, with team leading experience
  • For Assessments - Certification in a penetration testing discipline, such as OSCP, SANS-GWAPT, OSEP, OSWE, OSCE, CEH
  • For Testing - Solid competencies in information security processes, frameworks and technologies, such as: Network & Application Vulnerability Assessment, IT Risk Assessment, Penetration Testing & Ethical Hacking, OWASP, NIST, OSSTMM, OSINT etc.
  • Strong knowledge of security-related attacks, security testing methodologies, standards and assessment tools; solid experience in vendor management; advanced knowledge of security solutions and tools
  • Ability to listen and articulate ideas verbally and in written formats to a broad range of audiences; ability to ask probing questions and deliver presentations that have impact
  • Strong interpersonal skills and able to maintain good relationships with others
  • Proven management experience is a plus
  • Proactive and willing to accept and drive changes to accomplish positive outcomes
  • Well-developed analytical, problem-solving, and decision-making skills; strong troubleshooting skills; ability to identify patterns and generate ideas
  • Focus on the end users or customers’ needs; ability to set expectations and understand end user behaviour

Personal & Application Information

Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our Applicant Personal Information Collection Statement and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. We keep records of your data for no longer than is necessary for the purpose for which we obtained them and any other permitted linked purposes. If your application is unsuccessful, we will keep your details on file for as long as is necessary to process your application or for the purposes of further job opportunities if you agree to such longer periods. 
