REQ12603 Analyst, Information Security (Compliance) (Open)

POSITION SUMMARY:

As an Analyst, Information Security (Compliance) you will be part of Team focusing adherence to Macau Cyber Security Law (MCSL), ISO27001 (latest) standard, PCI DSS (latest) , regulatory requirements, and in-house policies

PRIMARY RESPONSIBILITIES:

Ensure Melco Information Security Policies and Procedures are compliant with Macau Cyber Security Law (MCSL) and support management to carry out required activities accordinglyMonitor security control systems to prevent or deal with violation of Information Security Policies and StandardsSupport in review and update of Information Security policies, procedures, standards and checklists periodically to ensure compliance to the latest requirements, standards (e.g. ISO27001 latest) and best practices across all Melco properties and locationsCoordinate/support activities on information security awareness program to deliver risk communication, awareness and training for audiences, which may range from senior leaders to field staffCoordinate/support internal/external audit activities in conjunction with internal policy, regulation and governance.  Ensure audit findings and corrective actions are closed out accordinglyReview change/service request tickets in ticketing system within agreed SLA and follow-upsRemain informed on current standards, trends and issues in the information security industryEnsure cloud product (e.g. AWS, Azure, Alibaba) compliance to an array of cyber-security industry frameworksSupport Information Security Operation Calendar activitiesSupport in producing required dashboards for management reviews

QUALIFICATIONS:

Experience

2+ years’ working of experience in a related field.Requires in depth experience and knowledge of enterprise IT concerns and technologiesExperience with managing a compliance and/or security organization, including planning and executing security policies and standards developmentExperience in ISO 27001 latest standardExperience in PCI-DSS latest standardExperience in DICJ Minimum Internal Control Requirements (MICR)Experience in Macau Cyber Security Law is a plus1+ years in information security preferred to include management or administration in least 6 of the following disciplines:Network Security and firewalls (CCSP/CCIE – Security, CCNA)Relational Database SecurityRemote Access/VPN solutionsInformation Security AuditingIntrusion Detection and ResponseAnti-virus systemsMessaging SecuritySecurity policy and procedure developmentWindows and Active Directory securityAccess management processesSecurity benchmarking requirements (CIS)Security compliance for Regulatory requirements (NERC/SOX/HIPPA/FISMA)Security Strategic Planning and Risk ManagementWeb and application based securityEncryption (PKI/Kerberos/SSL)Cloud Technologies

Education

Bachelor’s degree in Management Information System, Computer Science, or related disciplinesAn information security or other similar technical certification such as Certified Information Systems Auditor (CISA) and Certified Information Systems Security Professional (CISSP) is highly desirable

Skills / Competencies

Knowledge of security policies, standards, regulatory requirements such as ISO 27001, PCI-DSS, MCSL, GDPRFluent in of written and spoken English. Fluency in Cantonese and Mandarin will also be an advantageGood knowledge of cloud platforms (e.g. AWS, Azure, Alibaba) a plusProven excellence in researching, organizing, writing, and presenting technical information via report writing and presentation (PowerPoint, Excel)Capacity to work independently and in a team environment, with leadership ability and project management skillsAbility to multi-task and have solid project management skills.Ability to understand the relationship between business processes, priorities, risk and their underlying technologies and security risksAbility to keep pace with a fast pace and growing companyStrong analytical and inter-personal skills to communicate technical information to non-technical background users

PERSONAL COMPETENCIES:

Displays a high commitment to delivering resultsLeads others to achieve business objectivesCommunicates effectivelyTeam playerDisplays the highest level of integrityAbility to maintain discretionSelf-motivatedApproachable