Role Introduction
Reports to: IT Security Controls Senior Lead
This role is part of a dedicated global team within our Information Technology Department committed to safeguarding the company’s digital environment through robust security governance and world‑class protection standards.
As the IT Security Controls Analyst, you will play a key role in upholding the highest level of security assurance by monitoring, assessing, and strengthening the company’s security controls.
You will be responsible for overseeing the day‑to‑day effectiveness of our IT security control framework, identifying gaps or weaknesses, and supporting timely remediation to maintain a resilient security posture. You will collaborate closely with extended IT security teams to respond to diverse security requests and ensure that operational processes run smoothly and effectively.
With your specialized knowledge, analytical mindset, and passion for cybersecurity, you will rotate across different IT security functions to broaden your expertise, gain hands‑on experience in various domains, and build a structured and promising career path within the IT security discipline.
Key Responsibilities
- Provide management oversight to the IT security team on overall vulnerability management progress
- Demonstrate strong technical expertise in industry‑leading vulnerability management tools, including their configuration and ongoing administration
- Maintain solid working knowledge of firewall requests, change plans and project plans to support security operations
- Review and approve IT security requests during application migrations in collaboration with various stakeholders
- Implement and review IT security controls processes and validate the effectiveness of all defined controls
- Perform end‑to‑end vulnerability management across multiple VM tools and ensure compliance with established SLAs
- Apply hands‑on knowledge of ISO27001, PCIDSS and NIST frameworks to support compliance and governance requirements
- Revisit and update existing security governance and procedural documents to ensure alignment with company IT security policies
- Partner with IT function teams and business units to measure and assess the effectiveness of different IT security controls
- Manage vulnerability exemption handling, support audit evidence collection and remediation, and collaborate with extended IT security teams to update controls based on emerging threats, leveraging strong understanding of key security concepts across on‑premises and cloud environments
Requirements
- 5 years of relevant IT experience in vulnerability management and threat intelligence handling
- Bachelor's degree in Information Technology, Computer Science or related disciplines
- CISSP, CISM, CRISC, ISO 27001 lead auditor or relevant experience preferred.
- Knowledge of compliance frameworks, i.e. ISO 27001, PCIDSS
- Self-motivated and willing to keep up to date with spanet standards and technology
- Engineering, or Cyber Security preferred
Personal & Application Information
Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our Applicant Personal Information Collection Statement and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. We keep records of your data for no longer than is necessary for the purpose for which we obtained them and any other permitted linked purposes. If your application is unsuccessful, we will keep your details on file for as long as is necessary to process your application or for the purposes of further job opportunities if you agree to such longer periods.