Reports to: IT Security Operations Lead
- Develop Security awareness material and conduct Security awareness training to Cathay Pacific staff.
- Provide 24x7 on call assistance in responding to security incidents. This is roster based for up to 10 days per month
- Maintain up-to-date understanding of the latest threats, vulnerabilities, mitigation and industry best practices
- Validate and enforce baseline security configurations for operating systems, applications, networking and telecommunications equipment
- Reviews and analyzes daily security intelligence feeds, provides detection engineering recommendations, and applies protections to mitigate new threats.
- Monitor, analyze, and synthesize daily security alerts/events surfaced via internal and external sources.
- Investigate and validate actionable security alerts/events and escalate or take action as indicated in security model to mitigate threats
- Monitor compliance reviews and carry out assessments; follow up on deficiencies identified and ensure remediation steps have been taken
- Manage day-to-day tasks for: identity and access management, Anti-virus, password management, PKI, IPS, cloud security, Web Proxy, SIEM, DLP etc.
- Process normal and exception-based security authorization requests
- Certification in information security disciplines such as CISM, CISA or CISSP
- University graduate in IT
- 4 years in IT Security field
- Experience with common information security management frameworks, such as ISO 27001, CobiT, ITIL, PCI
- Experience with implementation of security technologies such as: DLP, SIEM, IPS, Anti-Virus, PKI, and cloud security
- Experience managing and monitoring the performance of third party vendors
- In-depth experience working with security monitoring tools
- In-depth experience managing recovery from an incident or major disaster
Personal & Application Information
Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our personal data policy and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. All related information will be kept in our file for up to 24 months. A copy of our Personal Information Collection Statement will be provided upon request by contacting our Data Protection Officer.