Share this Job

IT Risk & Security Analyst

Apply now »

Date: 10-Mar-2018

Location: Hong Kong 

Department: Information Technology

Reports To: IT Risk and Security Lead

As the IT Risk and Security Analyst, you are required to work with business units and IT to identify risks, raise awareness and recommend pragmatic measures to reduce the risk level; Develop IT Security policies and guidelines as well as security awareness material and conducting training for Cathay Pacific employees.

Key Responsibilities:                  

  • Conduct IT Risk and Security assessments and follow up mitigation items.
  • Provide an advisory role to IT and the Business to specify pragmatic security requirements
  • Participate in Audits and help remediate the findings
  • Perform security product evaluations
  • Report to senior management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance
  • Assist in the development of security architecture, security policies, principles and standards
  • Provide SME support in the resolution of reported security incidents and provide leadership where required
  • Maintain up-to-date understanding of the latest threats, vulnerabilities, mitigation and industry best practices
  • Develop Security awareness material and conduct Security awareness training to Cathay Pacific employees
  • Advise on exception-based security requests  


  • Certification in information security disciplines such as CISM, CISA or CISSP is highly preferred
  • Tertiary education in Information Technology
  • 5 years within the IT industry, with two years in a similar role
  • Experience with common information security management frameworks, such as ISO 27001, CobiT, ITIL, PCI
  • Experience with implementation of security technologies such as: DLP, SIEM, IPS, Anti-Virus, PKI, and cloud security could be an advantage.

Application Deadline : 31 March 2018

Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our personal data policy and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. All related information will be kept in our file for up to 24 months. A copy of our Personal Information Collection Statement will be provided upon request by contacting our Data Protection Officer.


Job Segment: Information Security, Technology

Apply now »