Role Introduction
Reports to: IT Security Governance and Compliance – Senior Lead
The role is responsible for Security Governance and Compliance and requires a strong cyber security background and good interpersonal skills. The IT Risk and Security team is responsible for fortifying the cyber security posture and strengthening security controls through effective monitoring and governance. From securing our crown jewels to strict adherence to regulatory and compliance requirements, our commitment is to make our business applications among the safest, with world-class security in place.
Key Responsibilities
- Manage Governance and Compliance requirements
- Define a cybersecurity governance framework to ensure we have the required practices, standards, processes and procedures in place to support the controls
- Drive and facilitate, with the relevant owners, the development of security architecture, principles, standards, processes, guidelines and templates to ensure alignment with standards and frameworks, business needs and industry best practices
- Take up an advisory role to IT and the Business to specify pragmatic security requirements
- Initiate internal audit checks of the security controls to identify gaps and risks, and plan for remediation
- Manage PCI DSS annual renewal, PCI DSS BAU activities and impact analysis for new initiatives
- Manage aviation related regulatory requirements and contribute to the audit
- Ensure Business Unit activities align with regulatory requirements and liaise with Business Groups to contribute to the overall assessment and validation of the security status of business-facing application systems or services
- Contribute to ensuring that initiatives keep up with regulatory and related compliance requirements through a proactive knowledge-sharing process
- Partner with other security staff and other teams to design a management monitoring and independent business controls monitoring schedule.
- Deliver periodic compliance dashboards
- Provide interpretation and results updates at Business meetings
- Support audits and perform third-party audits as and when required
- Provide responses to compliance checks or queries from third parties or business partners
- Information security policy formation and compliance checks
- Conduct an annual review and update of the IT Cybersecurity Policy and required practices in accordance with any recent updates to laws or regulatory requirements
- Perform sample checks of the prioritized required practices and their controls in the policy
- Develop a security schedule for all scenarios and perform gap analysis on any non-compliance with the schedule
- Work with the lead, control owners and DevOps team to review and approve policies, standards, procedures, guidance and training for compliance with relevant requirements
- Support reviews of the information systems for compliance with security NFRs and Architecture standards
- Provide consulting on governance and compliance to extended teams
- Support and deliver various planned or remediation items for Compliance
- Lead the activities related to various compliance regimes, e.g. PCI DSS, ISO27K1, CAD, etc.
- Participate and contribute in the development and improvement of Data Governance and Data Classification principles
Requirements
- 7 years' relevant experience in Compliance and Governance Controls in Cybersecurity
- Demonstrable experience of successfully managing Assurance or operational activities within a Business Unit
- Strong understanding of the regulatory trends in the Cybersecurity space and airline industry is foundational to success in this role
- Proven management experience of cross functional teams located globally
- Certifications: CISM, CRISC, CISA or CISSP
- Proven experience as a lead in prior roles
- Experience in interpreting policies, procedures, and processes for ensuring compliance with cybersecurity policies
- Good knowledge of IT Security testing and Quality Assurance
- Knowledge of Information security standards (e.g. ISO27001) and Privacy Regulations
- Understanding of Agile, Kanban and Scrum basics
- Good understanding of emerging technology risks, e.g. cloud (SaaS, PaaS and IaaS), automation, etc.
- Cyber frameworks: NIST, CSA
- High level of drive, initiative, and self-motivation
- Ability to take internal and external stakeholders along
- Understanding of technology and user experience
- Love for simplifying
- Growth Mindset
- Willingness to experiment and improve continuously
- Strong problem solving and analytical skills
Personal & Application Information
Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our personal data policy and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. All related information will be kept in our file for up to 24 months. A copy of our Personal Information Collection Statement will be provided upon request by contacting our Data Protection Officer.