Security Operations & Technology Risk Analyst

Job Overview We are seeking a cybersecurity professional to support technology risk management, security operations, and incident response within a regulated enterprise environment. This role combines governance and compliance responsibilities with hands-on blue team security operations, ensuring systems and data remain secure, resilient, and compliant with regulatory expectations. The ideal candidate is comfortable operating in fast-paced environments, balancing risk assessment, operational monitoring, and incident handling. Key Responsibilities Technology Risk and Regulatory Compliance Perform technology risk assessments aligned with business objectives and regional regulatory requirements Maintain and update security policies, SOPs, risk registers, and governance documentation Conduct third-party and regulatory compliance assessments Support certification, audit, and compliance activities, including remediation of findings Security Operations and Monitoring Monitor network traffic, systems, and applications for suspicious behavior and potential security incidents Identify vulnerabilities and weaknesses across infrastructure, systems, and applications Perform security control reviews covering areas such as email security, endpoint protection, applications, and data security Deploy, configure, and manage security technologies including endpoint protection, IAM, PAM, XDR, and SIEM platforms Execute threat detection, vulnerability management, security policy enforcement, and continuous control monitoring Develop and implement response actions to contain and mitigate security incidents Collaborate with technical teams and stakeholders to coordinate remediation activities Incident Response and Forensics Lead and support the full incident response lifecycle including detection, triage, containment, eradication, and recovery Handle escalated security incidents and prepare incident reports detailing root cause, forensic findings, and mitigation recommendations Conduct forensic analysis of endpoints, logs, and network traffic to determine impact and scope Coordinate response efforts with internal stakeholders and external partners during major incidents Develop, maintain, and enhance incident response playbooks and reporting templates Requirements Experience and Qualifications 3 to 5 years of experience in technology risk, security operations, or blue team roles Diploma or Degree in Information Technology, Cybersecurity, or a related discipline Proficiency in both English and Mandarin to support collaboration with Mandarin-speaking stakeholders Technical and Domain Expertise Strong knowledge of technology risk management and defensive security strategies Hands-on experience with endpoint security, IAM, PAM, and access control solutions Solid understanding of security frameworks, layered defense concepts, and monitoring tools such as SIEM Familiarity with endpoint, VPN, and data protection technologies Experience with vulnerability management, security c