IT Security & Risk Analyst - Based in Hong Kong
CXC Australasia
Job Location
Job Type
Full Time
Visa Sponsorship
Not Available
Relocation
Allowed
Hiring contact
Charles Lai
The Role
**Key Responsibilities**
Conduct IT Risk and Security assessments to identify Security risks and follow up on mitigation items.
Provide an advisory role to IT and the Business to specify pragmatic security requirements
Participate in Audits and advise on remediating the findings
Evaluate and perform benefit analysis of security products
Report to senior management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance
Assist in the development of security architecture, security policies, principles and standards
Provide SME support in the resolution of reported security incidents and provide leadership where required
Maintain up-to-date understanding of the latest threats, vulnerabilities, mitigation and industry best practices
Develop Security awareness material and conduct Security awareness training for Cathay Pacific staff
Advise on exception-based security requests
Participate in and contribute to the development and improvement of Data Governance and Data classification principles
Contribute to overall Data Governance principles and methodologies in CPA
Advise business units and IT to identify risks, raise awareness and recommend pragmatic measures to reduce the risk level
Conduct risk assessments of new initiatives and participate in Security audits
Developing IT Security policies and guidelines
Developing security awareness material and conducting training for the client staff
**Requirements**
All of the following experience and qualifications are preferred, but not mandatory:
Certification in information security disciplines such as CISM, CISA or CISSP
University graduate in IT
4 years in the IT Security field
Experience with common information security management frameworks, such as ISO 27001, NIST, CobiT, ITIL, PCI
Experience with implementation of security technologies such as: DLP, SIEM, IPS, Antimalware, Vulnerability Management, Web Proxy, Advanced Threat Protection tools & technologies, PKI, and cloud security