Analyst, Information Security (Compliance)

REQ12603 Analyst, Information Security (Compliance) (Open)

POSITION SUMMARY:

As an Analyst, Information Security (Compliance) you will be part of Team focusing adherence to Macau Cyber Security Law (MCSL), ISO27001 (latest) standard, PCI DSS (latest) , regulatory requirements, and in-house policies

PRIMARY RESPONSIBILITIES:

• Ensure Melco Information Security Policies and Procedures are compliant with Macau Cyber Security Law (MCSL) and support management to carry out required activities accordingly
• Monitor security control systems to prevent or deal with violation of Information Security Policies and Standards
• Support in review and update of Information Security policies, procedures, standards and checklists periodically to ensure compliance to the latest requirements, standards (e.g. ISO27001 latest) and best practices across all Melco properties and locations
• Coordinate/support activities on information security awareness program to deliver risk communication, awareness and training for audiences, which may range from senior leaders to field staff
• Coordinate/support internal/external audit activities in conjunction with internal policy, regulation and governance.  Ensure audit findings and corrective actions are closed out accordingly
• Review change/service request tickets in ticketing system within agreed SLA and follow-ups
• Remain informed on current standards, trends and issues in the information security industry
• Ensure cloud product (e.g. AWS, Azure, Alibaba) compliance to an array of cyber-security industry frameworks
• Support Information Security Operation Calendar activities
• Support in producing required dashboards for management reviews

QUALIFICATIONS:

Experience

• 2+ years’ working of experience in a related field.
• Requires in depth experience and knowledge of enterprise IT concerns and technologies
• Experience with managing a compliance and/or security organization, including planning and executing security policies and standards development
• Experience in ISO 27001 latest standard
• Experience in PCI-DSS latest standard
• Experience in DICJ Minimum Internal Control Requirements (MICR)
• Experience in Macau Cyber Security Law is a plus
• 1+ years in information security preferred to include management or administration in least 6 of the following disciplines:
• Network Security and firewalls (CCSP/CCIE – Security, CCNA)
• Relational Database Security
• Remote Access/VPN solutions
• Information Security Auditing
• Intrusion Detection and Response
• Anti-virus systems
• Messaging Security
• Security policy and procedure development
• Windows and Active Directory security
• Access management processes
• Security benchmarking requirements (CIS)
• Security compliance for Regulatory requirements (NERC/SOX/HIPPA/FISMA)
• Security Strategic Planning and Risk Management
• Web and application based security
• Encryption (PKI/Kerberos/SSL)
• Cloud Technologies

Education

• Bachelor’s degree in Management Information System, Computer Science, or related disciplines
• An information security or other similar technical certification such as Certified Information Systems Auditor (CISA) and Certified Information Systems Security Professional (CISSP) is highly desirable

Skills / Competencies

• Knowledge of security policies, standards, regulatory requirements such as ISO 27001, PCI-DSS, MCSL, GDPR
• Fluent in of written and spoken English. Fluency in Cantonese and Mandarin will also be an advantage
• Good knowledge of cloud platforms (e.g. AWS, Azure, Alibaba) a plus
• Proven excellence in researching, organizing, writing, and presenting technical information via report writing and presentation (PowerPoint, Excel)
• Capacity to work independently and in a team environment, with leadership ability and project management skills
• Ability to multi-task and have solid project management skills.
• Ability to understand the relationship between business processes, priorities, risk and their underlying technologies and security risks
• Ability to keep pace with a fast pace and growing company
• Strong analytical and inter-personal skills to communicate technical information to non-technical background users

PERSONAL COMPETENCIES:

• Displays a high commitment to delivering results
• Leads others to achieve business objectives
• Communicates effectively
• Team player
• Displays the highest level of integrity
• Ability to maintain discretion
• Self-motivated
• Approachable