Apply on Employer Site

Melco Resorts & Entertainment · 6 hours ago

Analyst, Information Security (Compliance)

Studio City

Full-time

Onsite

Entry, Mid Level

2+ years exp

Melco Resorts & Entertainment is seeking an Analyst in Information Security (Compliance) to ensure adherence to the Macau Cyber Security Law and ISO27001 standards. The role involves enforcing security policies, overseeing compliance audits, and coordinating security awareness programs across all properties.

HospitalityResortsRetail

Responsibilities

Ensure Melco Information Security Policy is compliant with Macau Cyber Security Law (MCSL) and to carried out required activities accordingly

Enforce Melco Information Security Policy based on industrial standards (e.g. ISO27001 latest) and best practices across all Melco properties and locations

Oversee security control systems to prevent or deal with violation of Information Security Policies and Standards

Review and revise Information Security policies, procedures, standards and checklists periodically to ensure compliance to the latest standards and best practices

Coordinate/support an information security awareness program to deliver risk communication, awareness and training for audiences, which may range from senior leaders to field staff

Coordinate/support internal/external audit activities; perform annual internal audit in conjunction with internal policy, regulation and governance. Ensure audit findings and corrective actions are closed out accordingly

Review change/service request tickets in ticketing system within agreed SLA

Remain informed on current standards, trends and issues in the information security industry

Ensure cloud product (e.g. AWS, Azure, Alibaba) compliance to an array of cyber-security industry frameworks

Support Information Security Operation Calendar activities

Produce required dashboard for management reviews (e. Compliance, Vulnerability reports)

Qualification

ISO 27001Macau Cyber Security LawInformation Security AuditingCloud TechnologiesCISACISSPNetwork SecurityAnalytical SkillsProject ManagementCommunication Skills

Required

2+ years' working of experience in a related field

Requires in depth experience and knowledge of enterprise IT concerns and technologies

Experience with managing a compliance and/or security organization, including planning and executing security policies and standards development

Experience in ISO 27001 latest standard

1+ years in information security preferred to include management or administration in least 6 of the following disciplines: Network Security and firewalls (CCSP/CCIE – Security, CCNA), Relational Database Security, Remote Access/VPN solutions, Information Security Auditing, Intrusion Detection and Response, Anti-virus systems, Messaging Security, Security policy and procedure development, Windows and Active Directory security, Access management processes, Security benchmarking requirements (CIS), Security compliance for Regulatory requirements (NERC/SOX/HIPPA/FISMA), Security Strategic Planning and Risk Management, Web and application based security, Encryption (PKI/Kerberos/SSL), Cloud Technologies

Bachelor's degree in Management Information System, Computer Science, or related disciplines

Fluent in of written and spoken English

Capacity to work independently and in a team environment, with leadership ability and project management skills

Ability to multi-task and have solid project management skills

Ability to understand the relationship between business processes, priorities, risk and their underlying technologies and security risks

Ability to keep pace with a fast pace and growing company

Strong analytical and inter-personal skills to communicate technical information to non-technical background users

Preferred

Experience in Macau Cyber Security Law is a plus

An information security or other similar technical certification such as Certified Information Systems Auditor (CISA) and Certified Information Systems Security Professional (CISSP) is highly desirable

Fluency in Cantonese and Mandarin will also be an advantage

Good knowledge of cloud platforms (e.g. AWS, Azure, Alibaba) a plus

Proven excellence in researching, organizing, writing, and presenting technical information via report writing and presentation (PowerPoint, Excel)

Displays a high commitment to delivering results

Leads others to achieve business objectives

Communicates effectively

Displays the highest level of integrity

Ability to maintain discretion

Self-motivated

Approachable