Going, going, gone...

Looks like this career opportunity is no longer available. We may have filled the position or it was taken down for other reasons. We know this isn’t what you were hoping for but we have great new opportunities opening all the time.

Start a new search now!

IT Risk and Security Analyst

  • IMT - Information Technology
  • Hong Kong Special Administrative Region of China
  • Cathay Pacific
  • Application Deadline
    23 Oct 2022
Role Introduction

Reports To: IT Risk and Security Lead

  • Contribute in overall Data Governance principles and methodologies in Cathay Pacific group of companies
  • Advisory to business units and IT to identify risks, raise awareness and recommend pragmatic measures to reduce the risk level
  • Participate in managing IT Risks
  • Conduct risk assessments and participate in Security audits
  • Developing IT Security policies and guidelines
  • Developing security awareness material and conducting training trainings for various target audience
Key Responsibilities

  • Conduct IT Risk and Security assessments to identify Security risks and follow up mitigation items.
  • Provide an advisory role to IT and the Business to specify pragmatic security requirements
  • Co-ordinate and follow IT Risk Management Process.
  • Maintain and update IT Risk Register.
  • Participate in Audits and provide advisory to remediate the findings
  • Participate in activities related to various compliances e.g. PCIDSS, ISO27K1, CAD and etc.
  • Evaluate and perform benefit analysis security products
  • Communicate to senior management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance
  • Support the development of security architecture, security policies, principles and standards
  • Provide SME support in the resolution of reported security incidents and provide leadership where required
  • Maintain up-to-date understanding of the latest threats, vulnerabilities, mitigation and industry best practices
  • Develop Security awareness material and conduct Security awareness trainings for various target audience
  • Advise on exception-based security requests
  • Participate and Contribute in development and improvement of Data Governance and Data classification principles

All of the following experience and qualifications are preferred, but not mandatory:

  • Certification in information security disciplines such as CISM, CISA or CISSP or CRISC or CCSK
  • University graduate in IT
  • 3 years in IT Security field
  • Experience with common information security management frameworks, such as ISO 27001, NIST, CobiT, ITIL, PCI
  • Experience with implementation of security technologies such as: DLP, SIEM, IPS, Antimalware, Vulnerability Management, Web Proxy, Advance Threat Protection tools & technologies, PKI, and cloud security
Personal & Application Information

Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our personal data policy and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. All related information will be kept in our file for up to 24 months. A copy of our Personal Information Collection Statement will be provided upon request by contacting our Data Protection Officer.

Please note that with effect from 1 June 2022 onwards, all Cathay employees and contractors who work in Cathay City and all other Cathay Group Company premises in Hong Kong must have received a third dose of COVID 19 vaccine. Being tested regularly for COVID-19 is not an option. Consideration will be given to those who are unable to get vaccinated for valid medical reasons

Apply now