北京招聘

Responsibilities:
- Support the Country Group ISO in establishing and maintaining key relationships, collaborations and partnerships for the furtherance of Information Security objectives with IT Business Engagement counterparts, IT CoE’s and local business leadership with special focus on identification and protection of critical assets, exception management, incident management, vulnerability management.
- Implement the risk-based approach to protect information assets, including execution of Golden Nugget" protection and ACP Process, ISEC Risk Management, and ISEC Awareness Campaigns and Training in the area of responsibility
- Collaborate with Division & Business Unit ISOs to ensure full coverage of all ISEC Business Proximity topics in the area of responsibility in order to drive risk transparency, threat and impact awareness, identification of assets that need to be protected as well as creation and implementation of required Protection Concepts
- Ensure implementation and execution of all ISEC processes (e.g. risk management/ERM, ACP process, etc.) in area of responsibility
- Collaborate with local IT management to ensure all ISEC related controls and measures are implemented, managed, controlled and reported
- As the ISEC Business Proximity point of contact, identify applicability of ISEC business proximity needs within the area of responsibility, especially with regards to trends and risks, and collaborate with the CG ISO for the development and roll-out of appropriate solutions
- Support the Country Group ISO in the identification of ISEC demands of business units and local IT business partners
- Ensure identification, collection of local ISEC demands within the area of responsibility
- Collaborate with Country ISOs to ensure global / regional execution and coverage of all ISEC Business Proximity Key Function
- Monitor, manage and report ISEC Business Proximity performance targets for area of responsibility, aligned with overall ISEC Strategy and performance metrics
- Responsible for participating in and directing the ISEC Incident Handling Process in accordance with the role assigned to him/her during the declaration of an ISEC incident (this role may span from managing the process and all team members, or participating as a key member under a designated lead).Responsible for reporting ISEC incidents in accordance with the ISEC Incident Handling process
- Mange and drive the implementation of the ISEC Risk Management process in the area of responsibility
- Engage with Enterprise Risk Management for risks in country and understand it from a business and region/country point of view to foster greater understanding of managing enterprise risks as it relates to cyber security threats and the broader threat landscape
- Engage with business and IT leaders, translating the services and value of ISEC into business language. Partner with country business leaders, and guide and drive high ISEC awareness standards (e.g. awareness campaigns, trainings, communications) for the area of responsibility
- Collaboration with local production site / plant management regarding product security and relation / integration with Information Security
- Identification of ISEC consulting demand / needs of local business partners and / or local IT management and secure respective support through collaboration with regional Country Group ISO, ROC and ISEC Delivery Excellence
- Executes and coordinates all ISEC activities in area of responsibility as assigned by Country Group ISO
Requirements:
- Bachelor's Degree in Computer Science, Engineering, Information Technology or similar field at minimum
- A minimum of 5-7 years’ working in Information Technology with relevant experience in Information Security/Cyber Security
- Previous experience as an Information Security Officer or Security Architect is desired.
- Working experience with methodologies such as ISO 27001 and/or IEC 62443
- Working experience in interpreting security requirements, analyzing and recommending best practice approach to secure IT application and infrastructure
- Strong knowledge of TCP/IP, common network protocols, network devices
- Strong knowledge of Microsoft and Linux Operating Systems, Database, Web Application, etc.
- Strong understanding of current technology trends, security best practices, and cyber security threats
- Broad knowledge of information security tools, concepts, and techniques, such as Endpoint Protection, Firewall, IDS/IPS, VPN, NAC, Encryption
- Certification in one or more relevant platform systems (e.g. Cisco, Microsoft) is preferred
- Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), ISO 27001 Lead Auditor is a plus
- Self-motivation and the ability to work under minimal supervision
- Strong problem solving, analytical skills and organizational skills
- Strong communication skills, both written and verbal, including the ability to create and deliver technical presentations to technical and non-technical staff

微信分享