Role Introduction
Protect and strengthen Cathay’s technology landscape by taking an active role in day-to-day IT security operations. This position sits at the front line of defence, executing and monitoring security controls across endpoints, networks, privileged access, cloud environments, and software-as-a-service platforms to maintain a strong security posture across the organisation.
Working hands-on with incident response and emerging threat analysis, the role combines operational discipline with analytical thinking. Security requests are reviewed and approved with care, hygiene across the IT security footprint is maintained, and threat hunting techniques are applied to identify and respond to evolving risks. Collaboration is central, involving close engagement with business units, extended IT teams, external security operations centres, and third-party service providers.
Job rotation within IT security operations provides exposure to multiple domains and challenges, building depth and breadth in security expertise. Through investigation, forensics, audit support, and clear documentation, this role contributes directly to safeguarding the systems that keep Cathay moving people forward in life.
Key Responsibilities
- Execute and operate IT security solutions across endpoint, network, privileged access management, cloud, and software-as-a-service security platforms.
- Review and approve IT security requests in line with established policies and controls.
- Maintain strong security hygiene across the company’s IT network and systems.
- Perform basic threat hunting activities to identify and respond to emerging security threats.
- Investigate security incidents, including conducting incident response and forensic analysis.
- Collaborate with business units, extended IT teams, and external partners to address security challenges.
- Coordinate with third-party vendors and external security operations services to support incident response.
- Support audits by collecting evidence, updating documentation, and implementing recommended security controls.
- Develop and maintain documentation and assist in educating stakeholders on security events and their implications.
Requirements
- A minimum of 6 years of overall information technology experience, including at least 3 years of relevant IT security experience.
- Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), ISO/IEC 27001 Lead Auditor, or equivalent experience are preferred.
- Demonstrated knowledge of IT security incident investigation and digital forensics.
- Strong understanding of compliance frameworks, including ISO/IEC 27001 and Payment Card Industry Data Security Standard (PCI DSS).
- Proven ability to contribute to team development and provide coaching support.
- High level of self-motivation with a commitment to staying current with market standards and security technologies.
- A Bachelor’s degree in Information Technology, Computer Science, Computer Engineering, Cyber Security, or an equivalent discipline.
Personal & Application Information
Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our Applicant Personal Information Collection Statement and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. We keep records of your data for no longer than is necessary for the purpose for which we obtained them and any other permitted linked purposes. If your application is unsuccessful, we will keep your details on file for as long as is necessary to process your application or for the purposes of further job opportunities if you agree to such longer periods.
