Reports to: IT Security Controls Snr Lead

Responsible for monitoring the day-to-day security controls effectiveness of company’s IT security environment, identify the controls gap and ineffective outcome of defined controls set. Assist and work with extended IT security teams to response different security requests. Involve in daily security operation process. Job rotation within IT security department.

• Execute to setup and monitoring mechanism to as per the defined security controls pattern.
• Work with extended IT team and business unit to measure the effectives of defined security controls
• Solid hands-on knowledge to translate the technical controls requirement to pragmatic and enforceable action.
• Perform the account controls governance tasks on a weekly basis to ensure the accounts are compliant
• Implement & review the IT security controls process and act to validate all defined controls effectiveness.
• Understand compliance framework of ISO27001 and PCIDSS standard, translate the technical controls requirement to enforceable technical controls requirement.
• Work as second layer of defence within IT departments to revisit existing controls gate and report any abnormal situation
• Work with various IT function teams including business unit to measure different IT controls effectiveness.
• Audit support functions including evidence collect and update, implement the suggested controls
• Work with extended IT security team members to revisit and update controls as per emerging threat landscape.
• Assist on IT security incident monitoring and response 
• Assist on IT security operation solution administration and operation.

• 5 years relevant IT experiences
• CISSP, CISM, CRISC, ISO 27001 lead auditor or relevant experience preferred.
• Knowledge on compliance framework i.e. ISO 27001, PCIDSS
• Self-motivation, willing to keep update to spanet standards and technology
• BA or BS degree in Information Technology, Computer Science, Computer Engineering, or Cyber Security preferred

Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our personal data policy and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. All related information will be kept in our file for up to 24 months. A copy of our Personal Information Collection Statement will be provided upon request by contacting our Data Protection Officer.