Department : Information Technology
Report to : IT Risk and Security Manager
Key Responsibilities :
Participate in Audits and help remediate the findings
Report to senior management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance
Work with IT and business units to provide an advisory role to achieve security requirements by enforcing security control policies as planned
Maintain up-to-date understanding of the latest threats, vulnerabilities, mitigation and industry best practices
Develop Security awareness material and conduct Security awareness training to Cathay Pacific employees
Provide 24x7 on call assistance in responding to security incidents. This is roster based for up to 10 days per month
Validate and enforce baseline security configurations for operating systems, applications, networking and telecommunications equipment
Monitor compliance reviews and carry out assessments; follow up on deficiencies identified and ensure remediation steps have been taken
Manage day-to-day tasks for : identity and access management, Anti-virus, password management, PKI, IPS, cloud security, SIEM, DLP etc.
Process normal and exception-based security authorization requests
5 years within the IT industry, with two years in a similar role
Tertiary education in Information Technology
Certification in information security disciplines such as CISM, CISA or CISSP, highly preferred
Experience with common information security management frameworks, such as ISO 27001, CobiT, ITIL, PCI
Experience with implementation of security technologies such as : DLP, SIEM, IPS, Anti-Virus, PKI, and cloud security
Experience managing and monitoring the performance of third party vendors
In-depth experience working with security monitoring tools
In-depth experience managing recovery from an incident or major disasters
the above experience and qualifications are preferred, but not madatory)
Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our personal data policy and for recruitment purposes only.
Candidates not notified within eight weeks may consider their application unsuccessful. All related information will be kept in our file for up to 24 months.
A copy of our Personal Information Collection Statement will be provided upon request by contacting our Data Protection Officer.
Job Segment : Telecom, Telecommunications, Information Security, Technology