Reports to: IT Security Assurances – Sr. Lead

This role is responsible for developing and managing the security assessment and IT security testing to ensure that the initiatives, contracts and applications are properly assessed for any inherit risks and adhere to security standards. This role will require an ambitious individual that has proven ability to lead and manage a team, develop and enforce the implementation of clear guidelines and best practices for assurance, deliver engagements and manage a diverse set of stakeholders. 

Areas of Assessments

• Support Risk and Security assessments and follow up mitigation items.
• Support team leads to evaluate risks and threats on exception-based security requests & advise BUs on required mitigation
• Support team leads to proactively maintain up-to-date understanding of the latest threats, vulnerabilities, mitigation and industry best practices
• Use in house security assessment frameworks developed by team leads (e.g. cloud Security assessment, contractual requirements, risk assessment methodology)
• Support maintaining assessments and testing procedures, guidelines, and frameworks
• Support in assessment and testing tools

Areas of Testing

• Support security testing
• Support test vendors delivery quality including review of testing pass/fail criteria, ensuring standards for stakeholder acceptance is in place and ensuring that the defined security test scenarios are adequately cover the security non-functional requirements
• Support team leads to liaise and prioritize security testing resources to ensure multiple project and BAU security testing is delivered timely and effectively base on priority and criticality
• Report and record all findings and communicate any residual risk to the relevant teams
• Cross- team collaboration with test vendors and internal resources to improve the security testing methodology
• Keep abreast of the latest trends in cyberattacks and understand the implication to testing methods

• 2-3 years’ experience relevant experience in assurances or security testing area
• For assessments- Certification in penetration testing discipline such as OSCP, SANS-GWAPT, OSEP, OSWE, OSCE, CEH is preferred
• Entry level knowledge of security-related attacks, security testing methodologies, standards and assessment tools
• For Testing – entry level knowledge in information security processes, framework and technologies, such as: Network & Application Vulnerability Assessment, IT Risk Assessment, Penetration Testing & Ethical Hacking, OWASP, NIST, OSSTMM, OSINT etc.
• Strong interpersonal skills and able to maintain good relationship with others
• Proactive and willing to accept and drive changes to accomplish positive outcomes
• Analytical, problem-solving, and decision-making skills; 
• Fair skills in troubleshooting  and ability to identify patterns and generate ideas
• Focus on the end users or customers’ needs

Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our personal data policy and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. All related information will be kept in our file for up to 24 months. A copy of our Personal Information Collection Statement will be provided upon request by contacting our Data Protection Officer.