IT Security Assurance Lead

2 weeks ago


Hong Kong Island, Hong Kong SAR China Cathay Pacific Full time

IT Security Assurance Lead (Assessment) (24-Month Contract)

Report To: IT Security Assurance Senior Lead.

This role is part of our Information Technology department, committed to upholding the highest standards of digital security and operational excellence. As the Security Assurance Lead, you will be responsible for developing and managing security assessments and IT security testing to ensure all initiatives, contracts, and applications are thoroughly evaluated for inherent risks and comply with established security standards. With your leadership experience and technical expertise, you will guide a team to implement best practices, deliver assurance engagements, and collaborate with a diverse set of stakeholders. This role offers a dynamic environment with structured career progression and the opportunity to make a meaningful impact on our organization’s security posture.

Key Responsibilities

  • Lead IT Risk and Security assessments and ensure mitigation items are tracked and addressed, maintaining oversight of risk posture across projects and operations.

  • Communicate residual risks, vulnerabilities, and security exposures—including misuse of information assets and noncompliance—to senior management, enabling informed decision-making and prioritization.

  • Provide subject matter expertise in resolving reported security incidents, offering guidance and technical input to ensure timely and effective remediation.

  • Evaluate risks and threats associated with exception-based security requests, advising business units on appropriate mitigation strategies to balance operational needs and security requirements.

  • Proactively maintain up-to-date understanding of the latest threats, vulnerabilities, mitigation techniques, and industry best practices to keep the organization’s security posture resilient and adaptive.

  • Mentor and manage team members, fostering professional development, accountability, and alignment with security objectives and organizational goals.

  • Develop security frameworks for IT Risk and Security Analysts, including cloud security assessments, contractual requirements, and risk assessment methodologies, to standardize and strengthen assurance practices.

  • Define and maintain assessment and testing procedures, guidelines, and frameworks, while driving efficiencies by industrializing control assessments and adapting to changes in security standards and operating environments.

  • Oversee vendor management and testing tools, ensuring quality delivery and alignment with security requirements and effective use of resources across multiple projects and BAU activities.

  • Empower the security testing discipline by implementing robust frameworks and processes, managing test execution quality, coordinating internal and vendor resources, promoting secure coding practices, and conducting training to elevate security assurance across the organization.

Requirements

  • 5-7 years of relevant experience in Assurance and Test areas with team leading experience; proven management experience is a plus.

  • For assessments – solid competencies in information security processes, frameworks and technologies, IT Risk Assessment and certification in assessment and risk disciplines such as CISSP, CRISC, CISM, CISA.

  • Knowledge of information security standards (e.g., ISO27001) and privacy regulations.

  • For testing – solid competencies in information security processes, frameworks and technologies, such as network & application vulnerability assessment, IT risk assessment, penetration testing & ethical hacking, OWASP, NIST, OSSTMM, OSINT etc.

  • Strong knowledge of security-related attacks, security testing methodologies, standards and assessment tools; solid experience in vendor management; advanced knowledge of security solutions and tools.

  • Ability to listen and articulate ideas verbally and in written formats to a broad range of audiences; ability to ask probing questions and deliver presentations that have impact.

  • Strong interpersonal skills and ability to maintain good relationships with others; strong experience in vendor management.

  • Proactive and willing to accept and drive changes to accomplish positive outcomes.

  • Well-developed analytical, problem‑solving, and decision‑making skills; strong troubleshooting skills; ability to identify patterns and generate ideas.

  • Focus on the end users or customers’ needs; ability to set expectations and understand end user behaviour.

Personal & Application Information

Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our Applicant Personal Information Collection Statement and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. We keep records of your data for no longer than is necessary for the purpose for which we obtained them and any other permitted linked purposes. If your application is unsuccessful, we will keep your details on file for as long as is necessary to process your application or for the purposes of further job opportunities if you agree to such longer periods.

Seniority level: Mid‑Senior level. Employment type: Contract. Job function: Information Technology. Industry: Airlines and Aviation.



  • Hong Kong Island, Hong Kong SAR China TOPPAN Security Full time

    ABOUT US: At TOPPAN Security, our mission is to shape a meaningful, technology-driven future by being a global leader in mission-critical identity and payment technologies. We serve as the international development arm of the TOPPAN Group in the security domain founded in 1900. TOPPAN is a trusted Japanese brand renowned for its commitment to exceptional...


  • Hong Kong Island, Hong Kong SAR China Cathay Pacific Full time

    A leading airline company based in Hong Kong is seeking an IT Security Assurance Lead for a 24-Month contract. This role is pivotal for managing security assessments and IT security testing, ensuring compliance with established security standards. The ideal candidate will have over 5 years of experience in assurance and testing, with strong knowledge of...


  • hong kong, Hong Kong SAR China TOPPAN Security Full time

    3 days ago. At TOPPAN Security, our mission is to shape a meaningful, technology-driven future by being a global leader in mission-critical identity and payment technologies. We serve as the international development arm of the TOPPAN Group in the security domain founded in 1900. TOPPAN is a trusted Japanese brand renowned...


  • hong kong, Hong Kong SAR China AXA Hong Kong and Macau Full time

    Associate Lead, Information Security Assurance. Responsibilities: Conduct security risk assessment and prepare report on information security, AI Security, third-party security, outsourcing services. Deliver initiatives to ensure compliance with the Group’s...


  • Hong Kong Island, Hong Kong SAR China ASK IT LIMITED Full time

    A technology solutions provider in Hong Kong is seeking an experienced Information Security Specialist to lead Application Security programs and manage vulnerability management processes. The ideal candidate will have strong knowledge of secure coding practices, DevSecOps, and must hold relevant security certifications. Excellent communication skills in...


  • Hong Kong Island, Hong Kong SAR China AXA Hong Kong and Macau Full time

    Assistant Manager, Information Security Assurance AXA is an equal opportunity employer. We are committed to promoting Diversity and Inclusion (D&I) by creating a work environment where all employees are treated with dignity, respect, and where individual differences are valued. Responsibilities: Conduct security risk assessment and prepare report on...


  • hong kong, Hong Kong SAR China ASK IT LIMITED Full time

    A technology solutions provider in Hong Kong is seeking an Information Security Specialist to lead Application Security programs and drive DevSecOps adoption. The ideal candidate will have a Bachelor's degree in a related field, at least four years of relevant experience, and expertise in application security principles. Proficiency in both Chinese and...

  • Technology Risk

    5 days ago


    Hong Kong Island, Hong Kong SAR China Michael Page International (HK) Ltd Full time

    A leading firm in the insurance sector in Hong Kong is seeking a Security Advisory and Technology Risk Management professional. The role involves providing expert guidance on security best practices, leading security assessments, and ensuring compliance with regulatory requirements. Candidates should have at least 5 years of experience in information...


  • hong kong, Hong Kong SAR China AXA Hong Kong and Macau Full time

    A leading insurance provider in Hong Kong is seeking an Assistant Manager for Information Security Assurance. The role involves conducting security risk assessments, ensuring compliance with security frameworks, and monitoring key performance indicators. Candidates should have a degree in computer science and at least 4 years of relevant experience....

  • QA Engineer

    7 days ago


    Hong Kong Island, Hong Kong SAR China TOPPAN Security Full time

    A leading security technology company in Hong Kong is seeking a skilled QA Engineer to oversee quality assurance processes and produce technical documentation for security printing systems. The ideal candidate holds a degree in Computer Science and has experience in QA, emphasizing technical writing. This role offers a competitive salary, professional growth...