Going, going, gone...

Looks like this career opportunity is no longer available. We may have filled the position or it was taken down for other reasons. We know this isn’t what you were hoping for but we have great new opportunities opening all the time.

Start a new search now!

IT Risk and Security Lead

  • Technology
  • Hong Kong Special Administrative Region of China
  • Cathay Pacific
  • Application Deadline

Reports to: IT Risk and Security Manager

Department: Information Technology (IMT)

This position involves:

  • Advisory to business units and IT to identify risks, raise awareness and recommend pragmatic measures to reduce the risk level
  • Leading Security Assessments and Security Audits
  • Developing security awareness material and conducting training for Cathay Pacific staff
  • Mentoring direct report IT Risk and Security Analyst staff
  • Benchmarking various security products and perform benefit analysis
  • Developing security frameworks to be used by IT Risk and Security Analysts (eg. cloud security assessment, contractual requirements, risk assessment methodology)
  • Managing and updating IT Security policies and guidelines
  • Contribute in developing of overall Data Governance principles and methodologies in CPA


Key Responsibilities

  • Lead IT Risk and Security assessments and follow up mitigation items.
  • Take up an advisory role to IT and the Business to specify pragmatic security requirements
  • Lead various security audits and direct teams to remediate the findings
  • Accountable for evaluating security product and benefit analysis of these products
  • Communicate to senior management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance
  • Drive and facilitate development of security architecture, security policies, principles and standards
  • Provide SME inputs in resolution of reported security incidents
  • Evaluate risks and threats on exception-based security requests & advise BUs on required mitigation
  • Proactively maintain up-to-date understanding of the latest threats, vulnerabilities, mitigation and industry best practices
  • Drive to develop Security awareness material and conduct Security awareness training to Cathay Pacific staff
  • Mentor and Manage IT Risk and Security Analysts
  • Develop security frameworks to be used by IT Risk and Security Analysts (eg. cloud security assessment, contractual requirements, risk assessment methodology)
  • Participate and Contribute in development and improvement of Data Governance and Data classification principles


  • Certification in information security disciplines such as CISM, CISA or CISSP
  • University graduate in IT
  • 8 years within IT Security field 
  • Experience with common information security management frameworks, such as ISO 27001, NIST, CobiT, ITIL, PCI
  • Experience with implementation of security technologies such as: DLP, SIEM, IPS, Antimalware, Vulnerability Management, Web Proxy, Advance Threat Protection tools & technologies, PKI, and cloud security

Key Competencies

  • Setting Direction
  • Leading and Engaging Teams
  • Driving Business Performance and Change
  • Developing and Recognising others

Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our personal data policy and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. All related information will be kept in our file for up to 24 months. A copy of our Personal Information Collection Statement will be provided upon request by contacting our Data Protection Officer.

Apply now