Last Updated: 2022/07/15
Company: Information Security
Industry: Casino Resorts
Responsibilities:
Lead the security assessment of new corporate initiatives, including architecture design, data / privacy protection, compliance framework, etc., to identify potential risks and ensure compensating controls are put in place
Liaise and facilitate with business units, IT Engagement, PMO and other Information Security function teams to ensure the company security best practice is applied and identify any residual risk throughout the project life cycle
Ensure deployed technologies comply with relevant compliance and regulatory requirements
Prepare the Security clearance sign-off report/review on new systems prior to live implementation
Evaluate the organization's current security posture against the latest industry security trends and technologies to identify enhancement opportunities and provide effective recommendations to the management team
Conduct risk review and analysis on Change/Service Requests in the ticketing system to identify potential risks
Coordinate the evaluation, deployment, and management of current and future information security technologies
Participate in regular reviews and utilize security frameworks (e.g. ISO 27001, NIST) to develop security standards and guidelines as the company control framework
Support periodic updates to security documents to identify and address the latest trends and risks discovered
Remain informed on current standards, trends, and issues in the information security industry
Support annual internal/external audit activities.
Requirements:
Bachelor’s degree in Management Information System, Computer Science, or related discipline
An information security or other similar technical certification such as Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA) and Certified Information Systems Security Professional (CISSP) is highly desirable
Proven experience in researching, organizing, writing, and presenting technical information via report writing and presentation (PowerPoint)
Minimum 5 years of relevant experience in Information Security; experience with Security Risk Assessments is highly desired
Good understanding of emerging technologies and associated risks in cybersecurity, cloud security, etc.
Strong technical knowledge to conduct security assessment and risk control across different technology domains, such as on-premises, network security, SaaS, and private cloud platforms (e.g. AWS, Microsoft Azure and Alibaba Cloud); knowledge of various security platforms used for risk control, such as IAM, PAM, SIEM, WAF, EDR, DLP, email security, etc., is highly desirable
Strong analytical and interpersonal skills to communicate technical information to users with non-technical backgrounds
Familiar with security industry frameworks e.g. CIS, NIST, PCI-DSS, ISO 27001 / 27701 / 27018
Good knowledge of application security vulnerabilities, e.g. vulnerabilities in OWASP Top 10
Capacity to work independently and in a team environment, with proven leadership ability and project management skills
Fluency in English and Chinese (both verbal and written)