Department: Information Management

Reports to: Security Operations Lead

Join our IT Infrastructure and Operations, Security Team and help analyze Corporate Information Security environment, recommend security measures to safeguard Cathay Pacific’s valuable IT assets.

Key Responsibilities:

• Work with business units to provide an advisory role, achieve security requirements by enforcing security control policies as planned
• Report to senior management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance
• Assist in development of security architecture, policies, principles and standards
• Resolve negative audit findings reported by internal and external audits
• Validate and enforcing baseline security configurations for operating systems, applications, networking and telecommunications equipment
• Monitor compliance reviews and carry out assessments; follow up on deficiencies identified and ensure remediation steps have been taken
• Provide subject matter expertise on a variety of security initiatives, including but not limit to access entitlements, data privacy, key management and encryption
• Research, evaluate and propose security enhancements to maintain or surpass industry standards
• Review, design and re-engineer security operational processes with current and new technologies to improve security controls and business performance
• Govern the security requirement is fulfilled along with Change/Project management process in order to comply with operational standards/guidelines

Requirements:

• Bachelors degree in Computer Science or related field
• Minimum 6 years’ solid working experience in the IT industry, with at least 2 years in security role
• Experience with common information security management frameworks, such as ISO 27001, CobiT, ITIL
• Proficiency in performing risk, business impact, control and vulnerability assessments
• Strong problem solving and analytical skills
• Certification in Information Security disciplines such as CCSK, CISM, CISA or CISSP preferred
• Working experience including one or more of PKI, digital signatures, SSL, VPN IPSec, LDAP, encryption, web proxy, DLP and Single Sign-On approaches
• Sound understanding of the Software Development Life Cycle, with a focus on IT security
• Good experience of IT security services integration, including authentication, entitlements, encryption and audit capabilities as part of overall system designs
• Solid experience on database activity monitoring solutions and database security/auditing solutions
• Experience with database administration, mission critical system and OLTP applications, preferred skills include: Demonstrated understanding of internet protocols, network architecture and appliances, along with knowledge of network security technologies
  • OLTP (Online Transaction Processing)
  • OLAP (Online Analytical Processing)
  • Administration of Relational Databases
  • Oracle, Java, and/or SQL experience
• Demonstrated understanding of well-known web/Internet attack types, such as cross-site scripting, SQL injection, buffer overflows and format string bugs…etc.
• Good project management, lateral thinking and planning skills 
• Experience in IT along with strong technical marketing background 
• Sound interpersonal.  Strong verbal, written, negotiation/presentation skills in communication with business units and senior management

Application Deadline: 30 Nov 2016