ASSISTANT CYBERSECURITY MANAGER

Advises airline leadership on all matters pertaining to Cyber Security and IT Risk Management in the areas of system and data Confidentiality, Availability and Integrity.

Key Responsibilities:

In IT related functions, with a focus on cybersecurity:

• Primary cyber security liaison between IT, Tech Ops and airline operations. Responsible for the cyber security end-user training and employee cyber awareness training programs;
• Owns and maintain the airline Cyber Security Risk Assessment and Programme;
• Responsible for IT Incident Response Plan and drill;
• Conduct IT risk and security assessments to identify security risks and follow up mitigation actions, especially to critical systems;
• Deliver vulnerability scanning, various types of penetration tests for internal systems covering infrastructure, web application, mobile application regularly and report findings to senior management;
• Advice in the development of security architecture, security policies, principles, and standards;
• Provide support in the resolution of reported security incidents and provide leadership where required;
• Maintain up-to-date understanding of the latest threats, vulnerabilities, life cycle management, mitigation, and industry best practices;
• Develop security awareness material and conduct security awareness training to Greater Bay Airlines staff.

Requirements:

• University graduate in IT, Engineering, Mathematics or equivalent;
• 5 years in IT security field with certificate in CISSP, OSCP, CEH, GCIH or GIAC or equivalent.
• Experience with common information security management frameworks, such as ISO 27001, NIST, CobiT, ITIL, PCI, are assets;
• Knowledge and experience in infrastructure and networks design;
• Experience in gap assessment, data privacy regulatory compliance assessment and audit, and experience with implementation of security technologies such as: Linux/Windows, VMware, Firewall, DLP, SIEM, IPS, Antimalware, Threats & Vulnerabilities monitoring, Web Proxy, ATP tools, PKI and cloud security is preferred but not mandatory;
• Experience in airlines industry will be an advantage;
• Strong problem solving, analytical, interpersonal and communication skills with hight proficiency of English and Chinese;
• Self-motivated and able to work independently;
• Candidate with more experience may be considered as Cybersecurity Manager.