Full Time

Senior Analyst, Information Security

Posted 1 month ago
Application ends: November 20, 2021
Apply Now

Job Description

REQ3883 Senior Analyst, Information Security (Open)

Primary Responsibilities

  • Lead the security assessment on the new corporate initiatives including the architecture design, data / privacy protection, compliance framework, DevSecOps, etc to identify potential risks and ensure compensation controls are put in place
  • Drive differentiated security architecture and technology review with stakeholders and providers through the understanding of business needs, challenges, risks together with the external threats to ensure the most adequate solution is deployed
  • Evaluate the organization security posture with the latest industrial security trend / technology to identify the enhancement opportunity and provide effective recommunication to management team
  • Liaise and facilitate with business units, IT Engagement, PMO and other Information Security function teams to ensure the company security best practice is applied and identify any residual risk throughout the project life cycle
  • Participate in regular review and utilize the Security framework (e.g. ISO 27001, NIST) to develop the security standard and guideline as the company control framework


  • Minimum 5 years relevant experience in Information Security from recognized consultancy firm or highly regulated organization
  • Good understanding of emerging technologies and associated risks on CyberSecurity, DevSecOps, Cloud Security, etc)
  • Strong technical knowledge that able to conduct security assessment and risk control on different technology domains and cloud platforms e.g. AWS, Microsoft Azure and Ali-yun
  • Experience on process in project management (Agile), DevOps and digital transformation, data & privacy management, etc
  • Experience on security framework e.g. CIS, NIST, PCI-DSS, ISO 27001 / 27701 / 27018
  • Familiar with compliance and regulation e.g. GDPR, Macau Cyber Security Law, China Cyber Security Law will be an advantage
  • Hands on experience on various security platforms such as IAM, PAM, CASB, SIEM, SOAR, WAF, EDR, DLP, UEBA, email security, etc is highly desirable
  • Candidate with less experience will be considered as Analyst


  • Bachelor’s degree in Management Information System, Computer Science or related disciplines
  • Certification in Information Security (e.g. CISA, CISM, CCSP, CISSP, DevOps, DevSecOps, etc) is preferable

Skills / Competencies

  • Fluent in of written and spoken English. Mandarin will be an advantage
  • Good communication skill on report writing and presentation (PowerPoint)
  • Able to work independently and cope with result-oriented demand
  • Strong business insight and able to understand business challenges
  • Well organized and detail-oriented on delivering the assigned task
  • Commit and strong sense of responsibility to the role and the team

Personal Competencies

  • Displays a high commitment to delivering results
  • Leads others to achieve business objectives
  • Communicates effectively
  • Achieves agreed objectives and accepts accountability for results
  • Displays the highest level of integrity
  • Ability to maintain discretion
  • Self-motivated
  • Approachable