Senior Analyst - Information Security (Application & Infrastructure Risk Management)Ref:217531

Last Updated: 2022/07/15

Company: Information Security Industry: Casino Resorts


Responsibilities:

  • Lead the security assessment on the new corporate initiatives including the architecture design, data / privacy protection, compliance framework etc to identify potential risks and ensure compensation controls are put in place

  • Liaise and facilitate with business units, IT Engagement, PMO and other Information Security function teams to ensure the company security best practice is applied and identify any residual risk throughout the project life cycle

  • Ensure deployed technologies are complying to relevant compliance and regulation requirements

  • Prepare the Security clearance sign-off report/review on new systems prior to live implementation

  • Evaluate the current organization security posture with the latest industrial security trend / technology to identify enhancement opportunities and provide effective recommunication to management team

  • Conduct risk review and analysis on Change/Service Request in ticketing system to identify potential risks

  • Coordination on the evaluation, deployment, and management of current and future information security technologies

  • Participate in regular review and utilize the Security framework (e.g. ISO 27001, NIST) to develop the security standard and guideline as the company control framework

  • Support periodic Security documents updates to identify and address the latest trends and risks discovered

  • Remain informed on current standards, trends, and issues in the information security industry

  • Support annual internal/external audit activities.

Requirements:

  • Bachelor’s degree in Management Information System, Computer Science, or related discipline

  • An information security or other similar technical certification such as Certified in Risk and Information Systems Control (CRISC, Certified Information Systems Auditor (CISA) and Certified Information Systems Security Professional (CISSP) is highly desirable

  • Proven experience in researching, organizing, writing, and presenting technical information via report writing and presentation (PowerPoint)

  • Minimum 5 years relevant experience in Information Security, experience with Security Risk Assessments is highly desired

  • Good understanding of emerging technologies and associated risks on CyberSecurity, Cloud Security, etc.

  • Strong technical knowledge to be able to conduct security assessment and risk control on different technology domains, such as on premise, network security, SaaS, and Private cloud platforms (e.g. AWS, Microsoft Azure and Alibaba Cloud), various security platforms used for risk control such as IAM, PAM, SIEM, WAF, EDR, DLP email security, etc is highly desirable

  • Strong analytical and inter-personal skills to communicate technical information to non-technical background users

  • Familiar with security industry frameworks e.g. CIS, NIST, PCI-DSS, ISO 27001 / 27701 / 27018

  • Good knowledge of application security vulnerabilities, e.g. vulnerabilities in OWASP Top 10

  • Capacity to work independently and in a team environment, with proven leadership ability and project management skills

  • Fluency in English and Chinese (both verbal and written)

apply