REQ13921 Analyst, Information Security (Compliance) (Open Date: 19/01/2026)
POSITION SUMMARY:
As an Analyst, Information Security (Compliance) you will be part of Team focusing adherence to Macau Cyber Security Law (MCSL), ISO27001 (latest) standard, regulatory requirements, and in-house policies.
PRIMARY RESPONSIBILITIES:
- Ensure Melco Information Security Policy is compliant with Macau Cyber Security Law (MCSL) and to carried out required activities accordingly.
- Enforce Melco Information Security Policy based on industrial standards (e.g. ISO27001 latest) and best practices across all Melco properties and locations
- Oversee security control systems to prevent or deal with violation of Information Security Policies and Standards
- Review and revise Information Security policies, procedures, standards and checklists periodically to ensure compliance to the latest standards and best practices
- Coordinate/support an information security awareness program to deliver risk communication, awareness and training for audiences, which may range from senior leaders to field staff
- Coordinate/support internal/external audit activities; perform annual internal audit in conjunction with internal policy, regulation and governance. Ensure audit findings and corrective actions are closed out accordingly
- Review change/service request tickets in ticketing system within agreed SLA
- Remain informed on current standards, trends and issues in the information security industry
- Ensure cloud product (e.g. AWS, Azure, Alibaba) compliance to an array of cyber-security industry frameworks
- Support Information Security Operation Calendar activities
- Produce required dashboard for management reviews (e. Compliance, Vulnerability reports)
QUALIFICATIONS:
Experience
- 2+ years’ working of experience in a related field.
- Requires in depth experience and knowledge of enterprise IT concerns and technologies
- Experience with managing a compliance and/or security organization, including planning and executing security policies and standards development
- Experience in ISO 27001 latest standard
- Experience in Macau Cyber Security Law is a plus
- 1+ years in information security preferred to include management or administration in least 6 of the following disciplines:
- Network Security and firewalls (CCSP/CCIE – Security, CCNA)
- Relational Database Security
- Remote Access/VPN solutions
- Information Security Auditing
- Intrusion Detection and Response
- Anti-virus systems
- Messaging Security
- Security policy and procedure development
- Windows and Active Directory security
- Access management processes
- Security benchmarking requirements (CIS)
- Security compliance for Regulatory requirements (NERC/SOX/HIPPA/FISMA)
- Security Strategic Planning and Risk Management
- Web and application based security
- Encryption (PKI/Kerberos/SSL)
- Cloud Technologies
Education
- Bachelor’s degree in Management Information System, Computer Science, or related disciplines
- An information security or other similar technical certification such as Certified Information Systems Auditor (CISA) and Certified Information Systems Security Professional (CISSP) is highly desirable
Skills / Competencies
- Knowledge of security policies, standards, regulatory requirements such as ISO 27001, PCI-DSS, GDPR, MCSL
- Fluent in of written and spoken English. Fluency in Cantonese and Mandarin will also be an advantage
- Good knowledge of cloud platforms (e.g. AWS, Azure, Alibaba) a plus
- Proven excellence in researching, organizing, writing, and presenting technical information via report writing and presentation (PowerPoint, Excel)
- Capacity to work independently and in a team environment, with leadership ability and project management skills
- Ability to multi-task and have solid project management skills.
- Ability to understand the relationship between business processes, priorities, risk and their underlying
- technologies and security risks
- Ability to keep pace with a fast pace and growing company
- Strong analytical and inter-personal skills to communicate technical information to non-technical background
- users
PERSONAL COMPETENCIES:
- Displays a high commitment to delivering results
- Leads others to achieve business objectives
- Communicates effectively
- Displays the highest level of integrity
- Ability to maintain discretion
- Self-motivated
- Approachable