Analyst, Data Risk (Compliance)
Melco Resorts & Entertainment
Macau
Update time: July 30, 2020
Job Description

POSITION SUMMARY:

As an Analyst, Data Risk (Compliance), you will be part of the Data Risk Team, focusing on adherence to the ISO27001 (latest) standard and in-house policies.

 

PRIMARY RESPONSIBILITIES:

  • Enforce Melco Information Security Policy based on industrial standards (e.g. ISO27001 latest) and
    best practices across all Melco properties and locations
  • Develop and oversee security control systems to prevent or deal with violation of Information Security
    Policies and Standards
  • Review and revise Information Security policies, procedures, standards and checklists periodically
    to ensure compliance to the latest standards and best practices
  • Coordinate/support an information security awareness program to deliver risk communication,
    awareness and training for audiences, which may range from senior leaders to field staff
  • Coordinate/support external audit activities; perform annual internal audit in conjunction with internal
    policy, regulation and governance. Ensure audit findings and corrective actions are closed out
    accordingly
  • Review change/service request tickets in ticketing system within agreed SLA
  • Remain informed on current standards, trends and issues in the information security industry
  • Ensure cloud product (e.g. AWS, Azure, Alibaba) compliance to an array of cyber-security industry
    frameworks
  • Assist in strategic information security planning based on industry-standard best practices to achieve
    business goals by prioritizing defence initiatives and coordinating the evaluation, deployment, and
    management of current and future information security technologies
  • Support Risk Assessment review on new systems/services
  • Support information security incident and investigation activities
  • Support Information Security Operation Calendar activities
  • Support penetration testing activities and ensure findings are resolved accordingly

 

QUALIFICATIONS:

Experience

  • 2+ years of working experience in a related field
  • Requires in-depth experience and knowledge of enterprise IT concerns and technologies
  • Experience with managing a compliance and/or security organization, including planning and executing
    security policies and standards development
  • 1+ years in information security preferred, to include management or administration in at least 6 of the following disciplines:
    • Network Security and firewalls (CCSP/CCIE – Security, CCNA)
    • Relational Database Security
    • Remote Access/VPN solutions
    • Information Security Auditing
    • Intrusion Detection and Response
    • Anti-virus systems
    • Messaging Security
    • Security policy and procedure development
    • Windows and Active Directory security
    • Access management processes
    • Security benchmarking requirements (CIS)
    • Security compliance for Regulatory requirements (NERC/SOX/HIPAA/FISMA)
    • Security Strategic Planning and Risk Management
    • Web and application based security
    • Encryption (PKI/Kerberos/SSL)
    • Cloud Technologies

Education

An information security or other similar technical certification such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) is highly desirable

Skills / Competencies

  • A degree in Information Systems or equivalent
  • Good knowledge of gaming, hospitality, finance, retail and HR solutions
  • Good knowledge of computer platforms (e.g. AS400, MS Windows, AIX, Linux)
  • Good knowledge of cloud platforms (e.g. AWS, Azure, Alibaba)
  • Good knowledge of the DevOps/DevSecOps methodology, AppSec Stack/AppSec infrastructure,
    Agile software development and the inclusion of security in the development life cycle
  • Good knowledge of application security vulnerabilities, testing techniques, and the OWASP framework.
  • Knowledge of security policies and standards such as ISO 27001, GDPR and PCI-DSS
  • Proven excellence in researching, organizing, writing, and presenting technical information
  • Capacity to work independently and in a team environment, with proven leadership ability and project
    management skills
  • Must have excellent analytical skills, have the ability to multi-task and have solid project management
    skills
  • Ability to understand the relationship between business processes, priorities, risk and their underlying
    technologies and security risks
  • Ability to keep pace with a fast-paced and growing company
  • Achieves agreed objectives and accepts accountability for results
  • Good understanding of IT audit process, control principles and design
  • Strong analytical and inter-personal skills to communicate technical information to non-technical background users
  • Fluent in English, Cantonese and Mandarin

 
