Cathay Pacific is an iconic and award-winning brand, headquartered in Hong Kong. As part of the oneworld alliance, they serve over 200 destinations in over 50 countries across the world.
IT Risk and Security Lead
Hong Kong
Reports to: IT Risk and Security Manager

Department: Information Technology (IMT)

This position involves:
  • Advisory to business units and IT to identify risks, raise awareness and recommend pragmatic measures to reduce the risk level
  • Leading Security Assessments and Security Audits
  • Developing security awareness material and conducting training for Cathay Pacific staff
  • Mentoring direct report IT Risk and Security Analyst staff
  • Benchmarking various security products and performing benefit analysis
  • Developing security frameworks to be used by IT Risk and Security Analysts (e.g. cloud security assessment, contractual requirements, risk assessment methodology)
  • Managing and updating IT Security policies and guidelines
  • Contributing to the development of overall Data Governance principles and methodologies in CPA

Key Responsibilities
  • Lead IT Risk and Security assessments and follow up on mitigation items.
  • Take up an advisory role to IT and the Business to specify pragmatic security requirements
  • Lead various security audits and direct teams to remediate the findings
  • Accountable for evaluating security products and performing benefit analysis of these products
  • Communicate to senior management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance
  • Drive and facilitate development of security architecture, security policies, principles and standards
  • Provide SME inputs in resolution of reported security incidents
  • Evaluate risks and threats on exception-based security requests & advise BUs on required mitigation
  • Proactively maintain up-to-date understanding of the latest threats, vulnerabilities, mitigation and industry best practices
  • Drive the development of security awareness material and conduct security awareness training for Cathay Pacific staff
  • Mentor and manage IT Risk and Security Analysts
  • Develop security frameworks to be used by IT Risk and Security Analysts (e.g. cloud security assessment, contractual requirements, risk assessment methodology)
  • Participate in and contribute to the development and improvement of Data Governance and Data classification principles

  • Certification in information security disciplines such as CISM, CISA or CISSP
  • University graduate in IT
  • 8 years within IT Security field
  • Experience with common information security management frameworks, such as ISO 27001, NIST, CobiT, ITIL, PCI
  • Experience with implementation of security technologies such as: DLP, SIEM, IPS, Antimalware, Vulnerability Management, Web Proxy, Advanced Threat Protection tools & technologies, PKI, and cloud security

Key Competencies
  • Setting Direction
  • Leading and Engaging Teams
  • Driving Business Performance and Change
  • Developing and Recognising others

Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our personal data policy and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. All related information will be kept in our file for up to 24 months. A copy of our Personal Information Collection Statement will be provided upon request by contacting our Data Protection Officer.