Security Analyst

John Swire & Sons (H.K.) Limited

A highly-diversified and global corporation, the Swire Group’s businesses encompass property, aviation, beverages and food chain, as well as marine and trading & industrial activities. Its core businesses are mainly focused in Asia, with its key operations in Hong Kong and the Chinese Mainland. Within Asia, Swire's activities come under the Group's publicly quoted arm, Swire Pacific Limited, which is the largest shareholder in two Hong Kong listed companies: Swire Properties and Cathay Pacific Airways.

John Swire & Sons (H.K.) Limited is the holding company of the publicly-listed conglomerate, Swire Pacific Ltd. Our IT & Digital department is now inviting candidates to apply for the following position:

Security Analyst

This role aims to support the IT & Digital team in aligning security initiatives with the company's strategic roadmap. It involves coordinating with internal teams and external vendors to implement and improve security measures. The incumbent will assess cybersecurity risks, ensure compliance with standards, and maintain market awareness for continual enhancement. Furthermore, they will work with providers to enforce security operations, service level agreements (SLAs), and metrics to protect IT and data assets.

Responsibilities: 

• Coordinate security efforts with outsourced managed security services providers to handle threat and SOC activities, ensure high-quality service delivery, and maintain compliance through established KPIs and metrics, while continuously reviewing and adjusting remediation strategies based on regular performance evaluations
• Manage the day-to-day operations of various security devices, including but not limited to Endpoint Security, Web Application Firewall (WAF), Email Security, and Web Security
• Oversee application security assessments, including data protection and session security, conduct penetration tests, manage access controls, support internal and external IT audits, and provide cybersecurity training to enhance risk management for related teams
• Manage escalated security incidents from the SOC, service desk, and technical support teams
• Develop robust frameworks for cloud environments and SaaS, formulating data security and lifecycle strategies, and addressing network security needs such as WiFi, segmentation, and remote access
• Identify security vulnerabilities and provide expert recommendations on cybersecurity measures to ensure that application and infrastructure projects adhere to established risk management protocols
• Contribute to the development of standards, policies, and procedures, including hardening benchmarks, patch management policies, and Mobile Device Management (MDM) protocols
• Conduct research on latest technology and select the more suitable solutions for company infrastructure enhancement

To be successful in this role, you must have:

• A Bachelor’s degree in Computer Science, Information Technology, or related disciplines
• Professional certifications such as CISSP, CEH, CISA, CISM, etc. are desirable
• At least 5 years of experience in infrastructure and security operations, including on-premise and cloud exposure
• Proven track record in developing policies and metrics on security aspects
• Solid technical knowledge and experience with large-scale IT infrastructures and operations, particularly around security operations and incident response
• A strong security technical background, particularly in Application Security, Cloud Security, Endpoint Security, Network Security
• A good understanding of cyber security standards, e.g. ISMS, NIST Cyber Security Framework and ISO27001
• Good communication skills in both spoken and written English and Chinese. Putonghua is desirable

Application:
At Swire, we are committed to creating an inclusive and supportive working environment for all our people regardless of their age, gender, gender identity, sexual orientation, relationship, family status, disability, race, ethnicity, nationality, religious or political beliefs. We believe in creating an environment where people feel comfortable at work and are able to realise their full potential.

We offer a competitive package to the right candidate. If you meet the qualifications and are interested in this position, you can send your application by clicking "Apply Now". We will contact all shortlisted candidates.

The Swire group is an equal opportunity employer. All applications will be used exclusively for selection purposes and handled confidentially by authorised personnel only. Your application may also be considered for other suitable positions within the Swire group (please indicate clearly on your application if you would not like to be considered for other positions within the group.) Following the data privacy ordinance, all unsuccessful applications will be destroyed after an appropriate time.