IT Security Controls Analyst

Role Introduction:

Responsible for monitoring the day-to-day security controls effectiveness of company’s IT security environment, identify the controls gap and ineffective outcome of defined controls set. Assist and work with extended IT security teams to response different security requests. Involve in daily security operation process. Job rotation within IT security department.

Key Responsibilities:
1、Execute to setup and monitoring mechanism to as per the defined security controls pattern.
2、Work with extended IT team and business unit to measure the effectives of defined security controls
3、Solid hands-on knowledge to translate the technical controls requirement to pragmatic and enforceable action.
4、Understand compliance framework of ISO27001 and PCIDSS standard, translate the technical controls requirement to enforceable technical controls requirement.
5、Work as second layer of defence within IT departments to revisit existing controls gate and report any abnormal situation
6、Work with various IT function teams including business unit to measure different IT controls effectiveness.
7、Audit support functions including evidence collect and update, implement the suggested controls
8、Work with extended IT security team members to revisit and update controls as per emerging threat landscape.
9、Assist on IT security incident monitoring and response
10、Assist on IT security operation solution administration and operation.
11、E&A Responsibility
1）Emergency and Accident and Crisis Response responsibilities as required

Qualifications/ Experience:

1）5 years relevant IT experiences
2）CISSP, CISM, CRISC, ISO 27001 lead auditor or relevant experience preferred.
3）Knowledge on compliance framework i.e. ISO 27001, PCIDSS
4）Self-motivation, willing to keep update to market standards and technology
5）BA or BS degree in Information Technology, Computer Science, Computer Engineering, or Cyber Security preferred


声明：
1、国泰航空为每位应聘者提供平等应聘的机会。应聘者提供的个人数据将严格按照政策使用，并仅用于招聘目的。
2、如八周内未收到进一步安排可视为应聘不成功。所有相关信息将被存档至多二十四个月。如有需求可联系我们的数据保护人员提供个人信息收集声明的副本。

注意:
1、所有中国大陆职位的劳动合同遵循当地条款。
2、一旦确认录用，将安排与当地 FASCO或 FESCO签订劳动合同，及由其负责档案保管。