Location: Hong Kong Special Administrative Region of China
Reports to: IT Risk and Security Manager
Department: Information Technology
As the IT Risk and Security Analyst, you are required to work with business units and IT to identify risks, raise awareness and recommend pragmatic measures to reduce the risk level; Develop IT Security policies and guidelines as well as security awareness material and conducting training for Cathay Pacific employees.
- Conduct IT Risk and Security assessments and follow up mitigation items.
- Provide an advisory role to IT and the Business to specify pragmatic security requirements
- Participate in Audits and help remediate the findings
- Perform security product evaluations
- Report to senior management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance
- Assist in the development of security architecture, security policies, principles and standards
- Provide SME support in the resolution of reported security incidents and provide leadership where required
- Maintain up-to-date understanding of the latest threats, vulnerabilities, mitigation and industry best practices
- Develop Security awareness material and conduct Security awareness training to Cathay Pacific employees
- Advise on exception-based security requests
- University Graduate. Business, Procurement and or Hospitality related degree an advantage
- Minimum 3 years of relevant commercial experience in a relevant environment (knowledge of inflight catering/equipment an advantage)
- Strong background in Procurement. A relevant professional qualification an advantage (e.g. CIPS)
- Relevant experience in supply market analysis, cost evaluation and contract management
- Knowledge of the category economics and operating model
- Strong negotiation, influencing and commercial skills
- Excellent interpersonal and communication skills, with a proven ability to effectively develop relationships with cross-functional teams and at a multiple organisation levels
- Ability to work independently and meet tight deadlines
- Effective leadership and change management skills
- Numerate and with good computer skills
- Fluent in spoken English, Mandarin a plus
- Certification in information security disciplines such as CISM, CISA or CISSP is highly preferred
- Tertiary education in Information Technology
- 5 years within the IT industry, with two years in a similar role
- Experience with common information security management frameworks, such as ISO 27001, CobiT, ITIL, PCI
- Experience with implementation of security technologies such as: DLP, SIEM, IPS, Anti-Virus, PKI, and cloud security could be an advantage.
Application deadline: 1 March 2019
Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our personal data policy and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. All related information will be kept in our file for up to 24 months. A copy of our Personal Information Collection Statement will be provided upon request by contacting our Data Protection Officer.