JSfirm
IT Security Assurance Lead (36-month Contract)
Job Description:
Role Introduction
Reports to IT Security Assurance – Snr Lead
Lead the development and execution of IT security assurance and testing practices that underpin Cathay’s technology landscape. You will assess initiatives, contracts, and applications for inherent risk, ensuring controls meet recognised standards while guiding the organisation on mitigation strategies and residual risk. Your work spans both structured assessments and hands-on testing disciplines, from risk evaluation to penetration testing and vulnerability analysis.

Operating at the intersection of security, technology, and business, you will define frameworks, refine processes, and elevate testing quality across projects and business-as-usual activities. This includes overseeing vendor delivery, embedding security testing into delivery lifecycles, and ensuring outputs—from test plans to execution approaches—are robust and fit for purpose.

As a leader, you will mentor a team of specialists, collaborate across internal security teams and business units, and keep pace with evolving cyber threats and industry practices such as Open Web Application Security Project (OWASP) and National Institute of Standards and Technology (NIST). Your contribution strengthens trust in Cathay’s systems, supporting safe, reliable journeys and digital experiences for customers and colleagues alike.
Key Responsibilities
  • Lead IT risk and security assessments, including tracking and driving mitigation of identified issues
  • Communicate residual risks, vulnerabilities, and noncompliance clearly to senior management and stakeholders
  • Provide subject matter expertise in resolving reported security incidents and exception-based security requests
  • Develop and maintain security assessment frameworks, methodologies, and control testing procedures (including cloud and contractual requirements)
  • Oversee and enhance security testing frameworks and processes across projects and business-as-usual activities
  • Manage and assure quality of vendor and internal testing, including reviewing test criteria, scenarios, and coverage against security requirements
  • Prioritise and allocate testing resources to meet multiple project timelines based on risk and criticality
  • Mentor and manage team members, supporting capability development and effective resource utilisation
  • Monitor evolving security threats, standards, and operating environments, adapting assurance approaches accordingly
  • Collaborate across teams to improve testing methodologies, promote secure coding practices, and deliver training on security testing techniques

Requirements
  • 5–7 years of relevant experience in IT security assurance and testing, with demonstrated experience leading small teams
  • Certifications in penetration testing disciplines (for assessment focus), such as Offensive Security Certified Professional (OSCP), SANS Web Application Penetration Testing (GWAPT), Offensive Security Experienced Penetration Tester (OSEP), Offensive Security Web Expert (OSWE), Offensive Security Certified Expert (OSCE), or Certified Ethical Hacker (CEH)
  • Expert knowledge of security-related attacks, testing methodologies, standards, and assessment tools
  • Solid competencies in information security processes, frameworks, and technologies, including network and application vulnerability assessment, IT risk assessment, penetration testing and ethical hacking
  • Working knowledge of recognised security standards and methodologies such as Open Web Application Security Project (OWASP), National Institute of Standards and Technology (NIST), Open Source Security Testing Methodology Manual (OSSTMM), and Open Source Intelligence (OSINT)
  • Strong experience in vendor management and oversight of third-party delivery quality
  • Expert knowledge of security solutions and tools used in assurance and testing activities
  • Strong communication skills, with the ability to articulate ideas clearly to a broad range of audiences and deliver impactful presentations
  • Strong interpersonal skills with the ability to build and maintain effective working relationships; proven management experience is an advantage
  • Proactive, analytical, and customer-focused mindset, with strong problem-solving, troubleshooting, and decision-making skills, and the ability to understand end-user behaviour and drive positive outcomes

Personal & Application Information

Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our Applicant Personal Information Collection Statement and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. We keep records of your data for no longer than is necessary for the purpose for which we obtained them and any other permitted linked purposes. If your application is unsuccessful, we will keep your details on file for as long as is necessary to process your application or for the purposes of further job opportunities if you agree to such longer periods.

Company Details
Cathay Pacific
Cathay Pacific City
8 Scenic Road
Hong Kong, Hong Kong (SAR)
www.cathaypacific.com
196 Open Jobs Available
Founded in 1946, Cathay Pacific is the largest airline in Hong Kong, with worldwide facilities in areas such as the United States, Australia, France, Peru, and many more.

Benefits:
Please inquire

Supported Manufacturers:
Airbus, Boeing

Supported Models:
A330-300, A340-300, A350-900, A350-1000, 777-300ER, 747, 747-400, 7779X
Job Info
Location
Hong Kong, Hong Kong (SAR), Hong Kong (SAR)
Type
Contractor
