IT Security Assurance Analyst
Role Introduction
Reports To: IT Security Assurance – Senior Lead
This role is part of our Information Security team, dedicated to safeguarding our digital ecosystem and ensuring trust across all technology touchpoints.
As the IT Security Assurance Analyst, you will play a key role in identifying and mitigating risks by leading security assessments and testing across initiatives, contracts, and applications. Your mission is to ensure that all solutions align with our security standards and best practices.
With your expertise in IT security and stakeholder management, you will be responsible for driving assurance activities, developing clear guidelines, and fostering a culture of proactive risk management. You will also have the opportunity to lead and mentor a team, collaborate with cross-functional partners, and contribute to the continuous improvement of our security posture.
Key Responsibilities
- Support risk and security assessments and follow up on mitigation items
- Assist team leads in evaluating risks and threats related to exception-based security requests, and advise business units on required mitigation
- Help team leads proactively maintain an up-to-date understanding of the latest threats, vulnerabilities, mitigation strategies, and industry best practices
- Utilize in-house security assessment frameworks developed by team leads (e.g., cloud security assessment, contractual requirements, risk assessment methodology)
- Contribute to maintaining assessment and testing procedures, guidelines, and frameworks
- Participate in managing assessment and testing tools and conduct security testing activities
- Review and validate test vendor delivery quality, including pass/fail criteria, stakeholder acceptance standards, and coverage of security non-functional requirements
- Support team leads in coordinating and prioritizing security testing resources to ensure timely and effective delivery across multiple projects and BAU activities, based on priority and criticality
- Document and communicate all findings, including any residual risks, to relevant teams. Collaborate across teams with test vendors and internal resources to enhance the security testing methodology
- Remain up to date on the latest trends in cyberattacks and understand their implications for testing methods
Requirements
- Tertiary education in Information Technology, Computer Science, Cybersecurity, or a related field
- 6 years’ IT experience, and 2-3 years’ relevant experience in the assurance or security testing area
- Certification in a penetration testing discipline, such as OSCP, SANS-GWAPT, OSEP, OSWE, OSCE, or CEH, is preferred
- Entry-level knowledge of security-related attacks, security testing methodologies, standards and assessment tools
- Entry-level knowledge of information security processes, frameworks and technologies, such as: Network & Application Vulnerability Assessment, IT Risk Assessment, Penetration Testing & Ethical Hacking, OWASP, NIST, OSSTMM, OSINT, etc.
- Strong interpersonal skills and the ability to maintain good relationships with others
- Proactive and willing to accept and drive changes to accomplish positive outcomes
- Analytical, problem-solving, and decision-making skills
- Fair skills in troubleshooting and ability to identify patterns and generate ideas
- Focus on end users’ or customers’ needs
Personal & Application Information
Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our Applicant Personal Information Collection Statement and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. We keep records of your data for no longer than is necessary for the purpose for which we obtained them and any other permitted linked purposes. If your application is unsuccessful, we will keep your details on file for as long as is necessary to process your application or for the purposes of further job opportunities if you agree to such longer periods.