Reports to: Head of IT Risk and Security
Department: Information Technology (IMT)
This position involves:
- Develop, Manage and improve operational practices including overseeing service delivery for all aspects of the managed security services provider.
- Drive Security monitoring and reporting improvements.
- Manage budgets of IT Security Operations team
- Facilitate in developing security awareness material and trainings for Cathay Pacific staff
- Managing and Mentoring IT Security Operations staff
- Overseeing the creation and maintenance of CPA’s information security strategy and policy, leads security risk assessment efforts, and investigation of information security incidents.
- Ability to manage and handle multiple matters and reprioritization as required by operational and security needs
- Strong communication skills verbal and written.
- Advising and collaborating with different divisions/departments on projects, business continuity and disaster recovery plans, and audit and compliance practices.
- Lead and manage all aspects of the outsourced Security Operations Center including weekly and monthly reporting, health and operational metrics and adherence to contractual SLAs
- Manage to annual budget and ability to forecast spend
- Revise and develop processes to strengthen the current Security Operations Framework, ensure alignment with CPAs security controls
- Responsible for vendor management, understand the overall use of resources and initiate any corrective action where required for the SOC
- Responsible for integration of security tools across CPA ensuring the right security logs are feeding the SIEM
- Ensure strong alignment with various vendors involved in Threat detection, identification and protection.
- Drive the creation of reports, dashboards, metrics for SOC operations and presentation to Leadership
- Liaison with both internal and external auditors providing evidence and managing any remediation
- Foster the use of security best practices across the SOC, team members within Global Information Security, Business segments and technology solution providers
- Ensure all operational processes, run books and platform strategies are documented, exercised and continually improved
- Provide an advisory role to IT and the Business to specify pragmatic security requirements
- Participate in Audits and help remediate the findings
- Provide oversight to all security product evaluations, IT/Business Unit Projects and security risk assessments.
- Report to senior management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance
- Assist in the development of security architecture, security policies, principles and standards
- Approve exception-based security requests
- Maintain up-to-date understanding of the latest threats, vulnerabilities, mitigation and industry best practices
- Provide inputs to develop Security awareness material and conduct Security awareness training to Cathay Pacific staff
- Contribute to maintain and update IT Risk Register
- Assist the CPA Data Protection Officer in enforcing data privacy requirements for IT systems.
- Define, develop, and manage an effective and proactive Cyber security Incident Response capability using a combination of in-house, outsourced and external resources.
- Assist CPA as necessary to investigate security breaches and pursue associated forensic analysis, disciplinary and legal matters.
- Work with Internal Audit, Legal and Compliance and outside consultants as appropriate on required security audits.
- Assist with disaster recovery activities
- Participate and Contribute in development and improvement of Data Governance and Data classification principles
- Certification in information security disciplines such as CISM, CISA or CISSP
- University graduate in IT
- 10 years within IT Security field and particular in Security Operations in last 5 years.
- At least 3 years management experience
- Experience with common information security management frameworks, such as ISO 27001, CobiT, ITIL, PCI
- Experience with implementation of security technologies such as: DLP, SIEM, IPS, Anti-Virus, PKI, and cloud security
- Experience with privacy legislation
- Able to present and communicate with senior stakeholders
- Setting Direction
- Leading and Engaging Teams
- Driving Business Performance and Change
- Developing and Recognising Others
Application deadline:29 February 2020
Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our personal data policy and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. All related information will be kept in our file for up to 24 months. A copy of our Personal Information Collection Statement will be provided upon request by contacting our Data Protection Officer.