REQ11786 Analyst, Information Security (Open)
POSITION SUMMARY:
As an Information Security Analyst, you will be responsible for the implementation and overall operation of Information Security. This includes assisting in the development and implementation of comprehensive information security controls, user education and training, compliance, incident response and security risk management. You will also configure and troubleshoot security tools according to company policy and best practices.
PRIMARY RESPONSIBILITIES:
- Administers cyber security tools on premise and cloud, such as DLP, Web Security Gateway, Vulnerability Management, Server Policy Compliance Management, PIM/PAM, IAM, Endpoint Management, AV, EDR, APT, CASB, Email Security etc.
- Assists in strategic information security planning, based on industry-standard best practices to achieve business goals by prioritizing defence initiatives and coordinating the evaluation, deployment, and management of current and future information security technologies
- Performs Risk Assessment and Data Privacy Impact Assessment (DPIA) on new systems/services
- Leads security assessments of new corporate initiatives, including the architecture design, data / privacy protection, compliance framework, etc., to identify potential risks and ensure appropriate security controls are put in place
- Liaises with Business Units, IT Engagement, PMO and other Information Security function teams to ensure that company security best practices are applied and to identify any residual risk throughout the project life cycle
- Reviews change/service request tickets within the agreed SLA and assesses the relevant organizational risk
- Participates in evaluating, planning, and implementing new cybersecurity technologies and systems
- Creates, identifies, and enhances processes that may leverage new or existing technologies to improve protection or reduce risk
- Performs periodic and on-demand system audits and vulnerability assessments
- Ensures findings from various security assessments, such as red team activities, are remediated in a timely manner
- Enforces Melco Information Security Policy based on industry standards (e.g., ISO27001, NIST, PCI) and best practices across all Melco properties and locations
- Participates in developing, implementing, and assessing data security procedures and controls to ensure compliance with applicable regulatory and legal requirements, such as SOX, ISO27001, and GDPR
- Participates in maintaining information security and risk management policies, procedures, and technical standards to support corporate objectives
- Remains informed on current standards, trends, and issues in the information security industry
QUALIFICATIONS:
Experience
- Minimum 2 years of relevant experience in Information Security and Cyber Security
- Good knowledge of security frameworks and standards such as NIST, PCI-DSS, ISO 27001 / 27017 / 27018 / 27701
- Familiarity with compliance and regulatory frameworks (e.g., GDPR) will be an advantage
- Experience with security tools such as DLP, Web Security Gateway, Vulnerability Management, Server Policy Compliance Management, PIM/PAM, IAM, Endpoint Management, AV, EDR, APT, CASB, Email Security etc.
- Experience with multiple operating systems security: Windows Servers and Clients, Linux, and Unix
- Solid understanding of network design, architecture, OSI model and TCP/IP
- Exposure to Cloud computing
- Knowledge of Web and application-based security (i.e. OWASP Top 10)
- Knowledge of encryption, such as PKI, SSL/TLS, Data at Rest
Education
- Bachelor’s degree in Management Information System, Computer Science, or related disciplines
- An information security or other similar technical certification such as Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), or Certified Information Security Manager (CISM) is highly desirable
- Certification in Privacy (e.g., CIPP/E, CIPM, CIPT, CDPO etc) will be considered as an advantage
- Security tools technical certificates from vendors will be considered as an advantage
Skills / Competencies
- Good communication skills in report writing and presentation
- Able to work independently and cope with results-oriented demands
- Effective organizational and time management skills required
- Well organized and detail-oriented in delivering assigned tasks
- Commitment and a strong sense of responsibility to the role and the team
- Ability to identify, analyse and address problems to resolve issues whenever possible in a way that minimizes negative impact and risk to the organization
- Strong analytical skills/problem solving/conceptual thinking
PERSONAL COMPETENCIES:
- Displays a high commitment to delivering results
- Communicates effectively
- Achieves agreed objectives and accepts accountability for results
- Displays the highest level of integrity
- Ability to maintain discretion
- Self-motivated
- Approachable