Senior Analyst, Information Security (App & Infra Risk Management)
REQ10797 Senior Analyst, Information Security (App & Infra Risk Management) (Open Date: 09/04/2024)
POSITION SUMMARY:
As Senior Analyst, Information Security (Application & Infrastructure Risk Management), you will be part of the Information Security Team focusing on identifying, managing, and reporting Information Security Risks in Melco.
PRIMARY RESPONSIBILITIES:
Lead the security assessment of new corporate initiatives, including the architecture design, data / privacy protection, compliance framework, etc., to identify potential risks and ensure compensating controls are put in place
Liaise and facilitate with business units, IT Engagement, PMO and other Information Security function teams to ensure the company security best practice is applied and identify any residual risk throughout the project life cycle
Ensure deployed technologies comply with relevant compliance and regulatory requirements
Prepare the Security clearance sign-off report/review on new systems prior to live implementation
Evaluate the organization's current security posture against the latest industry security trends / technologies to identify enhancement opportunities and provide effective recommendations to the management team
Conduct risk review and analysis of Change/Service Requests in the ticketing system to identify potential risks
Coordinate the evaluation, deployment, and management of current and future information security technologies
Participate in regular review and utilize the Security framework (e.g. ISO 27001, NIST) to develop the security standard and guideline as the company control framework
Support periodic Security documents updates to identify and address the latest trends and risks discovered
Remain informed on current standards, trends, and issues in the information security industry
Support annual internal/external audit activities
Gather threat intelligence information from different sources and inform relevant parties to mitigate risks affecting the systems in use
QUALIFICATIONS:
Experience
Minimum 5 years relevant experience in Information Security, experience with Security Risk Assessments is highly desired
Good understanding of emerging technologies and associated risks on CyberSecurity, Cloud Security, etc.
Strong technical knowledge to conduct security assessment and risk control on different technology domains, such as on premise, network security, SaaS, and Private cloud platforms
Knowledge of application security vulnerabilities, e.g. vulnerabilities in OWASP Top 10
Strong knowledge of various security platforms used for risk control such as IAM, PAM, SIEM, WAF, EDR, DLP, email security, etc. is highly desirable
Familiar with security industry frameworks e.g. CIS, NIST, PCI-DSS, ISO 27001 / 27701 / 27018
Education
Bachelor’s degree in Management Information System, Computer Science, or related disciplines
An information security or other similar technical certification such as Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA) and Certified Information Systems Security Professional (CISSP) is highly desirable
Skills / Competencies
Fluent in written and spoken English. Fluency in Cantonese will also be an advantage
Proven excellence in researching, organizing, writing, and presenting technical information via report writing and presentation (PowerPoint)
Capacity to work independently and in a team environment, with proven leadership ability and project management skills
Ability to multi-task and have solid project management skills.
Ability to understand the relationship between business processes, priorities, risk and their underlying technologies and security risks
Ability to keep pace with a fast-paced and growing company
Strong analytical and interpersonal skills to communicate technical information to users with non-technical backgrounds
PERSONAL COMPETENCIES:
Displays a high commitment to delivering results
Leads others to achieve business objectives
Communicates effectively
Achieves agreed objectives and accepts accountability for results