Reports to: IT Security Controls Senior Lead

This role is part of the Information Technology Department, dedicated to maintaining a secure and resilient digital environment through continuous monitoring and enhancement of IT security controls.

As the IT Security Controls Specialist, you will be responsible for evaluating the day-to-day effectiveness of the company’s IT security controls, identifying control gaps, and ensuring that defined measures achieve their intended outcomes. You will collaborate with extended IT security teams to respond to various security-related requests and support daily operational processes.

To broaden your knowledge and experience, you will also take part in a structured job rotation program within the Information Technology Department, gaining exposure to different security functions and building a strong foundation for long-term career development.

• Working knowledge on Firewall requests, change plans, project plans etc., work on different IT security request review and approval as part of BAU
• Implement & review the IT security controls process and act to validate all defined controls effectiveness.
• Perform the end-to-end vulnerability management handling of different VM tools like Infrastructure vulnerabilities and ensure compliance within the SLA
• Understand and have hands on experiences for compliance framework of ISO27001, PCIDSS, NIST standard
• Revisit existing security governance, procedure to ensure its up to date as per company IT security policy. Work with various IT function teams including business unit to measure different IT security controls effectiveness.
• Perform the vulnerability management exemption handling process for different tools like IAST, SCA, etc.,
• Audit support functions including evidence collection and update, implement the suggested controls
• Work with extended IT security team members to revisit and update controls as per emerging threat landscape.
• Good understanding and execution on different security concepts/ solutions e.g. Vulnerability Management, Privilege Identity Management, MFA, Threat Intel, Network Security, SIEM etc. across on-premises and cloud environments.
• Understanding of up-to-date spanet standards, able to translate the state of art knowledge to IT security controls process. Co-ordinate with multiple teams and vendors to ensure the migration completes as per the schedule

• Bachelor degree in Information Technology, Computer Science, Computer is preferred
• Around 2 years relevant IT experiences
• CISSP, CISM, CRISC, ISO 27001 lead auditor or relevant experience preferred
• Knowledge on compliance framework i.e. ISO 27001, PCIDSS
• Self-motivation, willing to keep update to spanet standards and technology
• Engineering, or Cyber Security preferred

Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our personal data policy and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. All related information will be kept in our file for up to 24 months. A copy of our Personal Information Collection Statement will be provided upon request by contacting our Data Protection Officer.