

Airlines IT

 

Cathay Pacific

IT Risk & Security Manager



Date posted: 21.Sep.2015
Expire date: Open Until Filled
Recruiter: Cathay Pacific
Job Category: Airlines IT
Location: Hong Kong

Description:

Department: Information Management
Reports to: General Manager Info Technology

Reporting to the GM IT, the IT Security and Risk Manager is responsible for the development and implementation of Cathay Pacific’s information security and IT risk policies across the company. Working with CPA’s senior management, business managers and IT managers, the Manager IT Security and Risk coordinates the process to build a company-wide information security strategy and vision. The Manager IT Security and Risk oversees the creation and maintenance of CPA’s information security strategy and policy, leads security risk assessment efforts, investigates information security incidents and owns the company’s security awareness and training programme. He or she also advises and collaborates with different divisions/departments on business continuity and disaster recovery plans, and audit and governmental compliance practices.
In general, the Information Risk and Security Manager is charged with the responsibility for building a company-wide information security-conscious culture and strategy for CPA.

Key Responsibilities:

Serve as an expert advisor to CPA’s senior management in the development, implementation, and maintenance of a company-wide information risk and security strategy.
Provide guidance and advocacy regarding prioritization of infrastructure investments and implementation roadmap associated with security strategy.
Define, develop, publish and maintain comprehensive company-wide security strategy, plans, policies, procedures, and guidelines at the enterprise level for protection of information assets.
Direct the development and enforcement of information security and risk policies in compliance with government regulations and standards.
Monitor information security trends and potential risks internal and external to CPA and keep CPA’s senior management informed about information security-related issues and activities affecting the organization.
Understand potential threats, vulnerabilities, and control techniques and communicate this information to relevant parties company-wide.
Periodically test and evaluate Information Security controls and techniques to assure compliance with policies. Coordinate the use of external resources involved in the performance of security testing, i.e. penetration tests, vulnerability scans.
Develop business-relevant metrics to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the security program.
Maintain the IT Risk Register and chair the IT Risk Governance Committee.
Assist the CPA Data Protection Officer in enforcing data privacy requirements for IT systems.
Define, develop, and manage an effective and proactive Cyber security Incident Response capability using a combination of in-house, outsourced and external resources.
Assist CPA as necessary to investigate security breaches and pursue associated forensic analysis, disciplinary and legal matters.
Maintain relationships with key external third parties and engage them through the formal CPA channels.
Work with Internal Audit, Corporate Risk and outside consultants as appropriate on required security audits.
Develop a security awareness and training program and act as an enabler and educator to the company describing how security technology can improve business through threat awareness and managed risk, privacy, and compliance.
Promote security culture and drive continuous security improvements in an independent manner.

Requirements:

At least 10 years of progressive experience in computing and information security, including experience with information security framework and practices, information classification and privacy compliance, Internet and mobile technologies and security trends and issues
Tertiary qualifications are necessary, preferably Information Technology or related disciplines
An intelligent, articulate, consensus building, and persuasive leader, with strong business acumen and technology knowledge, who can serve as an effective member of the senior management team and communicate information security-related concepts to a broad range of technical and non-technical staff
High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity
Experience with business continuity and disaster recovery planning, auditing, and risk management, as well as contract and vendor negotiation
Experience with disaster recovery planning and testing, auditing, risk analysis, business resumption planning, and contingency planning
CISSP, CISM or other security certification/accreditation a must


Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our personal data policy and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. All related information will be kept in our file for up to 24 months. A copy of our Personal Information Collection Statement will be provided upon request by contacting our Data Protection Officer.
