Position
Senior Analyst - Security Risk Management
Department
Information Technology
Working Location
Macau Peninsula
Post Date
19/03/2025
Requirements
• Bachelor's degree in Computer Science, Electrical / Electronic Engineering, Information Technology related fields or Cyber Security related experience is a minimum
• CISSP / CISP / OSCP / OSCE / GPEN / CEH / CISA / CISM (or other industry recognized security certification) is strongly preferred
• Minimum of 4 years of relevant experience in Information Technology
• Minimum of 2 years of relevant experience in Cyber Security
• Experience in computer programming
• Experience in penetration testing
• Experience in vendor management
• Information security or application development experience is preferred
• Knowledge of information, data, network and cyber security technologies
• Hospitality or gaming system and infrastructure knowledge is a plus
• Common penetration testing methodology (Kali, network sniffer, vulnerability assessment tools, etc.)
• Proficient in spoken and written English and Chinese
• Good presentation skills and able to explain technology strategy to non-IT users
Responsibilities
• Contribute to the development, implementation and maintenance of group-wide security assurance
• Provide advisory and review of Information / Cyber Security Architecture for new project deployment or major change of application / infrastructure systems
• Act as a lead to communicate with engagement teams to maintain the security dispensation/exemption registry and work towards technical security solutions as appropriate
• Provide written and/or verbal recommendations for the dispensation/exemption items for management review
• Evaluate, rate and perform risk assessments on company information assets and provide technical recommendations for risk remediation
• Act as a lead to communicate with engagement teams to remediate the weaknesses found during the internal assessment or third-party assessment
• Act as a lead to assess, recommend, and implement security controls and modules to ensure sufficient protection of the IT environment
• Effectively lead indirect resource teams, including contractors and other third-party resources
• Oversee the vulnerability trend across all company Properties
• Execute and maintain the regular Vulnerability Management Program (identify, evaluate and mitigate the findings from VMP) in order to reduce the risk exposure of company information assets
• Conduct vulnerability scans of internal and external-facing environments as per requirement
• Prioritize vulnerabilities discovered along with remediation timelines
• Send and receive notifications of vulnerabilities to and from teams of the company's Solo and Satellite casinos
• Provide vulnerability analysis and produce reports for management, as well as relevant parties to remediate the risks
• Perform assessments on company information systems and generate regular reports for the Cybersecurity Incident Alert and Response Centre to comply with MCSL
• Respond to indicators and alerts sent from CARIC
• Assist and cooperate with Satellite Casinos to meet the MCSL requirements
• Perform regular firewall rule reviews and provide recommendations on firewall rule housekeeping
• Provide support in defining endpoint, network device & server hardening best practices
• Define the scope and organize the resources for Penetration Test Program, with the recognized methodologies including but not limited to OSSTMM, OWASP, NIST, ISSAF, CWE.