POSITION SUMMARY:
The Senior Analyst - Cyber Security Ops is responsible for leading enterprise-wide cybersecurity risk assessments, vulnerability management, and compliance initiatives. The role ensures that security risks are identified, assessed, and mitigated in alignment with organizational risk appetite and regulatory requirements. This position acts as a key liaison between cybersecurity, IT, and business stakeholders to strengthen the overall security posture.

PRIMARY RESPONSIBILITIES:
Contribute the team working as the cyber security “Subject Matter Expert” and "Advisor" for GEG covering:

1. Cyber Risk Assessment & Analysis
- Conduct enterprise-wide cybersecurity risk assessments
- Perform cyber, tech and business impact and risk analysis
- Develop risk treatment and remediation plans
2. Vulnerability Management
- Support in the identification of vulnerabilities through scanning and threat intelligence
- Prioritize risks based on severity and business context
- Track and oversee remediation activities
3. Security Governance & Compliance
- Ensure compliance with frameworks (ISO 27001, NIST CSF, PCI-DSS, etc.)
- Support internal/external audits
- Review and manage policy exceptions
4. Security Advisory & Solution Review
- Perform security assessments on new systems and cloud services
- Provide secure design and architecture recommendations
5. Security Awareness & Testing
- Design and execute social engineering simulations
- Support cybersecurity awareness programs
6. Stakeholder Engagement
- Collaborate with IT and business teams to align risk treatment
- Communicate risks to senior and non-technical stakeholders

REQUIREMENTS:
Must-Have Qualifications
- Bachelor’s degree in Computer Science, Cybersecurity, or a related field (or equivalent experience)
- Minimum 4+ years of experience in:
- Cybersecurity risk assessment
- Vulnerability management
- Security compliance or audit support
- Hands-on experience with:
- Risk assessment methodologies
- Vulnerability scanning and remediation processes
- Good understanding of cybersecurity frameworks and standards (e.g., ISO 27001, NIST CSF, MCSL)
- Proven ability to perform risk impact analysis and develop actionable remediation plans
Strong ability to communicate security risks to non-technical stakeholders
- Able to communicate in English and Chinese, including writing and reading

Preferred Qualifications
- Industry certifications such as CISSP, CISM, CRISC, CEH, GIAC, GSEC
- Experience with cloud security environments (AWS, Azure, GCP, Aliyun)
- Experience supporting internal/external audits or regulatory compliance
- Exposure to security architecture review or secure design practices
- Experience in social engineering or security awareness programs

Technical Skills
- Risk assessment and risk treatment planning
- Vulnerability identification, prioritization, and tracking
- Security control evaluation and compliance validation
- Basic knowledge of implementing or managing security controls
- Familiarity with threat intelligence and security monitoring concepts

Core Competencies
- Strong analytical and problem-solving ability
- Effective stakeholder communication and presentation skills
- Ability to work independently and manage priorities
- Strong planning, time management, and organizational skills
- Collaborative mindset with cross-functional teams