Going, going, gone...

Looks like this career opportunity is no longer available. We may have filled the position or it was taken down for other reasons. We know this isn’t what you were hoping for but we have great new opportunities opening all the time.

Start a new search now!

IT Risk and Security Analyst

  • Technology
  • Hong Kong Special Administrative Region of China
  • Cathay Pacific

Location: Hong Kong Special Administrative Region of China 

Reports to: IT Risk and Security Lead

Department: Information Technology

  • Contribute in overall Data Governance principles and methodologies in CPA
  • Advisory to business units and IT to identify risks, raise awareness and recommend pragmatic measures to reduce the risk level
  • Conduct risk assessments of new initiatives and participate in Security audits
  • Developing IT Security policies and guidelines
  • Developing security awareness material and conducting training for Cathay Pacific staff

Key Responsibilities

  • Conduct IT Risk and Security assessments to identify Security risks and follow up mitigation items.
  • Provide an advisory role to IT and the Business to specify pragmatic security requirements
  • Participate in Audits and provide advisory to remediate the findings
  • Evaluate and perform benefit analysis security products
  • Report to senior management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance
  • Assist in the development of security architecture, security policies, principles and standards
  • Provide SME support in the resolution of reported security incidents and provide leadership where required
  • Maintain up-to-date understanding of the latest threats, vulnerabilities, mitigation and industry best practices
  • Develop Security awareness material and conduct Security awareness training to Cathay Pacific staff
  • Advise on exception-based security requests
  • Participate and Contribute in development and improvement of Data Governance and Data classification principles


All of the following experience and qualifications are preferred, but not mandatory:

  • Certification in information security disciplines such as CISM, CISA or CISSP
  • University graduate in IT
  • 4 years in IT Security field
  • Experience with common information security management frameworks, such as ISO 27001, NIST, CobiT, ITIL, PCI
  • Experience with implementation of security technologies such as: DLP, SIEM, IPS, Antimalware, Vulnerability Management, Web Proxy, Advance Threat Protection tools & technologies, PKI, and cloud security

Application deadline: 29 February 2020

Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our personal data policy and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. All related information will be kept in our file for up to 24 months. A copy of our Personal Information Collection Statement will be provided upon request by contacting our Data Protection Officer.