Cyber Security Analyst

Location:HKG preferred, however flexibility within OSEA region. 

Overview

Menzies Aviation is an independent, time-critical logistics specialist serving the airline industry. At more than 300 locations in 60 countries, Menzies Aviation offers landside and airside services tailored to customers’ needs; timed to their schedules; and delivered by teams with the knowledge, tools, and passion to set standards rather than chase them.

Confidentiality, integrity, and availability of its business systems are critical to the successful day-to-day operation of Menzies and the achievement of its strategic goals. Reporting to the Chief Information Security Officer as part of the Enterprise Business Services team you will be responsible for proactively identifying, reporting, and managing the cyber risk.

Main accountabilities include:

• Continuous improvement of Menzies's overall operational cyber security posture by:
• Managing time critical Security Operations, ensuring events and incidents are responded to effectively, playbooks are followed and opportunities for improvement are identified and actioned.
• Ensuring the security architecture is implemented and functioning across the estate and providing the expected detection and prevention capabilities.
• Supporting the designing, management and operation of a global Vulnerability Management Programme.  Managing the relevant processes to ensure oversight of the cyber security posture, working with the relevant teams to remediate known vulnerabilities, and reporting monthly to the Chief Information Security Officer quantifying the risk and the progress of remediation.
• Scoping and managing the annual mandatory external testing of cyber security controls on key production systems. Reporting the findings to the relevant stakeholders and managing the required mitigations.
• Analyse and prioritise cyber threat intelligence and disseminate actionable information to the relevant IT teams and system owners to proactively mitigate emerging vulnerabilities.
• Ensure the relevant training and communications materials, informed by current threat intelligence, are available to promote a ‘Cyber Aware’ culture within the business.
• Collaborate with other departments such as IT, Development, legal, and Human Resources to ensure that cybersecurity measures are understood and implemented.
• Monitor, measure and advise on the cyber controls of third-party suppliers.

Maintain and develop cyber governance by:

• Understanding contractual and regulatory cyber compliance requirements to designing and implement the appropriate controls.
• Performing risk assessments for new systems, significant changes, current processes, projects, integrations and update the risk register with findings and propose an appropriate remediation plan.

Other responsibilities include:

• Management of cyber risk by working with business and IT stakeholders to understand processes, inform on current cyber risk and manage the this to an acceptable level.
• Working with business and IT stakeholders to define metrics and reporting strategies that effectively communicate the value of the security program.
• Consulting with IT and system owners to ensure that their cyber security requirements are factored into the evaluation, selection, installation, and configuration of hardware, applications, and software. Identifying areas for potential improvement.
• Monitoring and reporting on compliance with security policies, as well as the enforcement of policies within the IT department.
• Supporting responses to customer bids, RFQs, and subsequent clarifications.

Qualifications and Experience 

• Education: A degree in IT or cybersecurity is preferred
• Professional Certifications Relevant certifications such as CISSP, CISM, CISA, CEH, or others are highly valued.
• Ability to manage and support a security operations team.
• Ability to manage the performance of third-party service delivery partners.
• Ability to communicate effectively to a range of audiences.
• Undergraduate Degree in an IT or cyber security discipline, or equivalent experience and relevant qualifications.
• Knowledge of common information security management frameworks, such as International Standards Organization (ISO) 27001, the IT Infrastructure Library (ITIL), or the National Institute of Standards and Technology Cybersecurity Framework.
• Keep abreast of regulations affecting cybersecurity (e.g., GDPR) and ensure the company’s adherence to these and other relevant standards.
• Understanding of networks, systems, applications, and Cloud technologies.
• Familiarity with the principles of cryptography.
• Knowledge of security testing.
• Experience working and learning within a fast-moving, changeable environment with new technology/services/infrastructure/priorities and working practices (processes).
• Excellent organizational, planning, and administrative skills and a good eye for detail.
• Highly analytical with the ability to influence, challenge, and implement change.
• Experience in dealing with work of a confidential and sensitive nature.
• Proficient in English with secondary language of Cantonese preferred.