Analyst, Information Security (Compliance)

POSITION SUMMARY:

As an Analyst, Information Security (Compliance) you will be part of Team focusing adherence to Macau Cyber Security Law (MCSL), ISO27001 (latest) standard, regulatory requirements, and in-house policies.

PRIMARY RESPONSIBILITIES:

• Ensure Melco Information Security Policy is compliant with Macau Cyber Security Law (MCSL) and to carried out required activities accordingly.
• Enforce Melco Information Security Policy based on industrial standards (e.g. ISO27001 latest) and best practices across all Melco properties and locations
• Oversee security control systems to prevent or deal with violation of Information Security Policies and Standards
• Review and revise Information Security policies, procedures, standards and checklists periodically to ensure compliance to the latest standards and best practices
• Coordinate/support an information security awareness program to deliver risk communication, awareness and training for audiences, which may range from senior leaders to field staff
• Coordinate/support internal/external audit activities; perform annual internal audit in conjunction with internal policy, regulation and governance.  Ensure audit findings and corrective actions are closed out accordingly
• Review change/service request tickets in ticketing system within agreed SLA
• Remain informed on current standards, trends and issues in the information security industry
• Ensure cloud product (e.g. AWS, Azure, Alibaba) compliance to an array of cyber-security industry frameworks
• Support Information Security Operation Calendar activities
• Produce required dashboard for management reviews (e. Compliance, Vulnerability reports)

QUALIFICATIONS:

Experience

• 2+ years’ working of experience in a related field.
• Requires in depth experience and knowledge of enterprise IT concerns and technologies
• Experience with managing a compliance and/or security organization, including planning and executing security policies and standards development
• Experience in ISO 27001 latest standard
• Experience in Macau Cyber Security Law is a plus
• 1+ years in information security preferred to include management or administration in least 6 of the following disciplines:
• Network Security and firewalls (CCSP/CCIE – Security, CCNA)
• Relational Database Security
• Remote Access/VPN solutions
• Information Security Auditing
• Intrusion Detection and Response
• Anti-virus systems
• Messaging Security
• Security policy and procedure development
• Windows and Active Directory security
• Access management processes
• Security benchmarking requirements (CIS)
• Security compliance for Regulatory requirements (NERC/SOX/HIPPA/FISMA)
• Security Strategic Planning and Risk Management
• Web and application based security
• Encryption (PKI/Kerberos/SSL)
• Cloud Technologies

Education

• Bachelor’s degree in Management Information System, Computer Science, or related disciplines
• An information security or other similar technical certification such as Certified Information Systems Auditor (CISA) and Certified Information Systems Security Professional (CISSP) is highly desirable

Skills / Competencies

• Knowledge of security policies, standards, regulatory requirements such as ISO 27001, PCI-DSS, GDPR, MCSL
• Fluent in of written and spoken English. Fluency in Cantonese and Mandarin will also be an advantage
• Good knowledge of cloud platforms (e.g. AWS, Azure, Alibaba) a plus
• Proven excellence in researching, organizing, writing, and presenting technical information via report writing and presentation (PowerPoint, Excel)
• Capacity to work independently and in a team environment, with leadership ability and project management skills
• Ability to multi-task and have solid project management skills.
• Ability to understand the relationship between business processes, priorities, risk and their underlying
• technologies and security risks
• Ability to keep pace with a fast pace and growing company
• Strong analytical and inter-personal skills to communicate technical information to non-technical background
• users

PERSONAL COMPETENCIES:

• Displays a high commitment to delivering results
• Leads others to achieve business objectives
• Communicates effectively
• Displays the highest level of integrity
• Ability to maintain discretion
• Self-motivated
• Approachable