Analyst, Information Security (Compliance)

About The Position

Requirements

• 2+ years’ working of experience in a related field.
• Requires in depth experience and knowledge of enterprise IT concerns and technologies
• Experience with managing a compliance and/or security organization, including planning and executing security policies and standards development
• Experience in ISO 27001 latest standard
• 1+ years in information security preferred to include management or administration in least 6 of the following disciplines: Network Security and firewalls (CCSP/CCIE – Security, CCNA) Relational Database Security Remote Access/VPN solutions Information Security Auditing Intrusion Detection and Response Anti-virus systems Messaging Security Security policy and procedure development Windows and Active Directory security Access management processes Security benchmarking requirements (CIS) Security compliance for Regulatory requirements (NERC/SOX/HIPPA/FISMA) Security Strategic Planning and Risk Management Web and application based security Encryption (PKI/Kerberos/SSL) Cloud Technologies
• Bachelor’s degree in Management Information System, Computer Science, or related disciplines
• An information security or other similar technical certification such as Certified Information Systems Auditor (CISA) and Certified Information Systems Security Professional (CISSP) is highly desirable
• Knowledge of security policies, standards, regulatory requirements such as ISO 27001, PCI-DSS, GDPR, MCSL
• Fluent in of written and spoken English. Fluency in Cantonese and Mandarin will also be an advantage
• Good knowledge of cloud platforms (e.g. AWS, Azure, Alibaba) a plus
• Proven excellence in researching, organizing, writing, and presenting technical information via report writing and presentation (PowerPoint, Excel)
• Capacity to work independently and in a team environment, with leadership ability and project management skills
• Ability to multi-task and have solid project management skills.
• Ability to understand the relationship between business processes, priorities, risk and their underlying technologies and security risks
• Ability to keep pace with a fast pace and growing company
• Strong analytical and inter-personal skills to communicate technical information to non-technical background users
• Displays a high commitment to delivering results
• Leads others to achieve business objectives
• Communicates effectively
• Displays the highest level of integrity
• Ability to maintain discretion
• Self-motivated
• Approachable

Nice To Haves

• Experience in Macau Cyber Security Law is a plus
• Fluent in Cantonese and Mandarin will also be an advantage
• Good knowledge of cloud platforms (e.g. AWS, Azure, Alibaba) a plus
• An information security or other similar technical certification such as Certified Information Systems Auditor (CISA) and Certified Information Systems Security Professional (CISSP) is highly desirable

Responsibilities

• Ensure Melco Information Security Policy is compliant with Macau Cyber Security Law (MCSL) and to carried out required activities accordingly.
• Enforce Melco Information Security Policy based on industrial standards (e.g. ISO27001 latest) and best practices across all Melco properties and locations
• Oversee security control systems to prevent or deal with violation of Information Security Policies and Standards
• Review and revise Information Security policies, procedures, standards and checklists periodically to ensure compliance to the latest standards and best practices
• Coordinate/support an information security awareness program to deliver risk communication, awareness and training for audiences, which may range from senior leaders to field staff
• Coordinate/support internal/external audit activities; perform annual internal audit in conjunction with internal policy, regulation and governance.
• Ensure audit findings and corrective actions are closed out accordingly
• Review change/service request tickets in ticketing system within agreed SLA
• Remain informed on current standards, trends and issues in the information security industry
• Ensure cloud product (e.g. AWS, Azure, Alibaba) compliance to an array of cyber-security industry frameworks
• Support Information Security Operation Calendar activities
• Produce required dashboard for management reviews (e. Compliance, Vulnerability reports)