- Browse Job
- Analyst – Security Risk Management
- Position
- Analyst – Security Risk Management
- Department
- Cyber Security Office
- Working Location
- Macau Peninsula
- Post Date
- 22/02/2023
- Requirements
-
• Degree holder in Computer Science, Electrical / Electronic Engineering, Information Technology related fields or Cyber Security related experience is a minimum
• CISP / CISSP / CISM / CISA / ISO27001 / CEH / LPT / OSCP / OSWP (or other industry recognized security certification) is strongly preferred
• Minimum of 2 years of relevant experience in Information Technology
• Experience in Security Controls Implementation, Security Policy / Standard / Procedure / Guideline writing
• Experience in assessment of security controls, application security, security exposure risk, network segmentation, network perimeter defense
• Experience in vendor management
• Experience in amendment and risk monitoring is preferred
• Knowledge in information, data, network and cyber security technologies
• Hospitality or gaming system and infrastructure knowledge is preferred
• Proficient in spoken and written English and Chinese
• Good presentation skill and able to explain technology strategic to non-IT use
- Responsibilities
-
• Contribute to the development, implementation and maintenance of group-wide security assurance
• Communicate with engagement teams to maintain the security dispensation/exemption registry and work towards technical security solutions as appropriate
• Evaluate, rate and perform risk assessments on company information assets and provide technical recommendations for risk remediation
• Work with indirect resource teams, including contractors and other third-party resources
• Communicate with engagement teams to remediate the weakness finding during the internal assessment or third-party assessment
• Daily assessment of vulnerabilities identified in vulnerability scan
• Oversee the vulnerability trend across all company Properties
• Execute the regular Vulnerability Management Program (identity, evaluate and mitigate the findings from VMP) in order to reduce the risk exposure of company information assets
• Conduct vulnerability scan internal and external facing environment as per requirement
• Prioritize vulnerabilities discovered along with remediation timelines
• Send and receive notifications of vulnerabilities to teams of Solo and Satellites casinos of company
• Provide vulnerability analysis and produce reports for management, as well as relevant parties to remediate the risks
• Perform assessment on company information systems and assist on generating regular report to Cybersecurity Incident Alert and Response Centre (Centro de Alerta e Resposta a Incidentes de Cibersegurança, CARIC) for complying with MCSL
• Respond to indicators and alerts sent from CARIC
• Assist and cooperate with Satellite Casinos to meet the MCSL requirements
• Provide support in defining endpoint, network device & server hardening best practices
