Information Security Analyst II
Responsibilities
- A. Information Security Governance, Risk & Compliance (GRC)
- Primary Objective: Drive the operational execution and continuous monitoring of the EASA Part-IS regulatory program by leveraging industry-standard frameworks to ensure airworthiness and information security resilience.
- Execution & Monitoring: Lead the daily implementation and continuous monitoring of EASA Information Security (IS) requirements. Translate high-level regulatory mandates into actionable security tasks and ensure strict adherence across the organization.
- Risk Management & Gap Analysis: Maintain the Information Security Risk Register by performing regular compliance gap analyses. Assess risks against both EASA regulations and NIST best practices, focusing on vulnerabilities that could impact regulatory certification.
- Policy Development & Governance: Develop and update security policies, standards, and procedures. Ensure all governance documentation aligns with ISO/IEC 27001 rigor while specifically addressing the aviation security nuances required by EASA Part-IS.
- Audit Assurance & Remediation: Act as the primary point of contact for compliance evidence during internal and external EASA audits. Manage the collection of evidence and lead the timely remediation of any non-conformities or observations.
- B. Technical Security Operations and Analysis
- Security Monitoring and Analysis: You will help manage the security monitoring system (SIEM) by checking logs and alerts (from tools like IDS) to find unusual activity and security issues related to EASA regulations.
- Security Testing (VAPT): You will help organize and perform security tests (VAPT) to check if our firewalls, encryption, and other technical controls are working correctly and meet both internal security standards and EASA Part-IS rules.
- Incident Support: During a security incident, you will provide hands-on technical help. This includes gathering digital evidence, checking initial log data, and writing reports to figure out the root cause and meet regulatory reporting requirements.
- C. Partner, Third-Party Risk & Stakeholder Management
- Your experience and skills:
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
- Minimum of 2-4 years of experience in a Cyber Security, Information Security GRC
Additional Information
Job Description
Founded in September 2020, Asia Digital Engineering (ADE) is a wholly-owned subsidiary of Capital A Berhad based in KLIA2, Kuala Lumpur, Malaysia. ADE leverages the AirAsia Group Engineering Department's best practices and unsurpassed combined experience in the region. ADE offers a range of aircraft services focused on the Airbus A320, A321 & A330 for line maintenance services, component and warehouse services, and engineering support services.
At ADE, we are dedicated to ensuring world-class security and performance across all our products and services. The Cyber Security Analyst is a key part of this mission, supporting the Information Security department with a hybrid role of Governance (GRC) and Technical Operations Monitoring. This detail-oriented and proactive role is critical in maintaining a robust security posture, with the primary objective being strict compliance with EASA Part-IS regulations, leveraging standards like ISO/IEC 27001 and the NIST Cybersecurity Framework. You will work closely with business stakeholders, technical teams (SRE/IT), and external partners, acting as the essential bridge between regulatory requirements and technical execution.