• Pacific Focus

Risk and Security Lead


  • Lead IT Risk and Security assessments and follow up mitigation items.

  • Take up an advisory role to IT and the Business to specify pragmatic security requirements

  • Lead various security audits and direct teams to remediate the findings

  • Accountable for evaluating security product and benefit analysis of these products

  • Communicate to senior management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance

  • Drive and facilitate development of security architecture, security policies, principles and standards

  • Provide SME inputs in resolution of reported security incidents

  • Evaluate risks and threats on exception-based security requests & advise BUs on required mitigation

  • Proactively maintain up-to-date understanding of the latest threats, vulnerabilities, mitigation and industry best practices

  • Drive to develop Security awareness material and conduct Security awareness training to Cathay Pacific staff

  • Mentor and Manage IT Risk and Security Analysts

  • Develop security frameworks to be used by IT Risk and Security Analysts (eg. cloud security assessment, contractual requirements, risk assessment methodology)

  • Participate and Contribute in development and improvement of Data Governance and Data classification principles


  • Certification in information security disciplines such as CISM, CISA or CISSP

  • University graduate in IT

  • 8 years within IT Security field

  • Experience with common information security management frameworks, such as ISO 27001, NIST, CobiT, ITIL, PCI

  • Experience with implementation of security technologies such as: DLP, SIEM, IPS, Antimalware, Vulnerability Management, Web Proxy, Advance Threat Protection tools & technologies, PKI, and cloud security