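Information Security Manager - Reputation Risk Group - Guangzhou (Job ID: CN154652)
Deloitte Touche Tohmatsu Certified Public Accountants LLP (德勤华永会计师事务所(特殊普通合伙))
- Company size: 500-1000 employees
- Company type: Joint venture
- Industry: Professional services (consulting, human resources, finance and accounting)
Job information
- Posted: 2019-01-29
- Location: Guangzhou
- Openings: Several
- Work experience: 3-4 years
- Education: Bachelor's degree
- Job category: Other
Job description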
Description:
About Deloitte China
Our professionals at Deloitte China provide a full range of audit & assurance, consulting, financial advisory, risk management and tax services, and work closely within Greater China, across Asia-Pacific and around the world to provide clients of every size with local experience and international expertise. We have considerable experience in China and are one of the leading professional services providers in this marketplace.
The Deloitte purpose is about making an impact that matters to our clients. Our extensive service spectrum enables us to help clients become leaders wherever they choose to compete. Deloitte is committed to investing in our people and empowers them to achieve more than they could elsewhere. Our work combines advice with action and integrity. We believe that when our clients and society are stronger, so are we.
To learn more about how Deloitte makes an impact that matters in the China marketplace, please connect with our Deloitte China social media platforms via www2.deloitte.com/cn/en/social-media.
The Business Security Office requests a full time Manager to support implementation of the cyber/information security strategy, business continuity program, and to identify, manage and mitigate information security risks associated with the initiatives within different business functions.
Business needs:
- According to a study, cyber threats are increasing rapidly and becoming more sophisticated and coordinated, and are categorized by the WEF as one of the biggest threats to the world.
- Under the new Business Security Oversight Model, significant effort is required to implement the upcoming cyber security strategy to enhance the firm's cyber-security defense capability (e.g. ISMS, integrated control model, holistic resilience capability, cyber threat intelligence, firm-wide risk assessment and reporting, cyber cultural training, and supplier risk management).
- The Business Security Team is taking on increasing oversight responsibility and workload as the 2nd line of defense under multiple information security assurance programs to validate PM40, Vendor Risk Assessment (VRA) and Technology Risk Framework (TRF) compliance.
- An increasing volume of cyber and information security risk assessments is demanded by the rapid development of cloud platforms, local innovation cases and global initiatives (e.g. A&A Global Implementation, etc.).
- A significant increase in Supplier Information Security Requirement (SISR) compliance requests (client contract review, inquiries, questionnaire, audit) is expected in light of the new GDPR, publicized cyber incidents globally and increased awareness of global security threats.
- DTTL Global's additional demand for continuous support for the Cyber Security Acceleration Program, ISO22301 standard alignment and ISO27001 certification efforts.
- Our current resources under business security are too tight and additional experience is required to support the increasing workload due to the implementation of the cyber security strategy and oversight framework.
The Information Security Manager will work under Deloitte China's Business Security Office, an internal support function within the Risk & Reputation Group to support implementation of the cyber/information security strategy, business continuity program, and to identify, manage and mitigate information security risks associated with the initiatives within different business functions.
Responsibilities:
- Assist in strategy development and implementation, creating and updating policies and training materials.
- Assist in implementing and maintaining the firm's Information Security Management System (ISMS) and Business Continuity Management (BCM) programs.
- Assist in coordinating the ISO27001 and ISO22301 certification program.
- Assist in executing Deloitte global or local member firm's cyber security strategy and initiatives.
- Collaborate with multiple internal stakeholders to handle security incidents.
- Collaborate with legal, Information Technology Services (ITS) and stakeholders of other business functions to assist in examining vendor contracts.
- Conduct day-to-day security risk support such as technology risk assessment, vendor risk assessment, and support Supplier Information Security Requirements (SISR) response.
- Assist in preparing firm-wide communications, surveys, and reports/dashboards/KPIs.
- Conduct other security responsibilities as appropriate under the direction of the Chief Security Officer and National Data Security Officer.
Qualification:
- Bachelor's degree in information technology or an acceptable equivalent combination of academic credentials and professional experience, preferably with Big 4 audit firm data security, cyber security consulting, risk advisory or SOC experience.
- 4-6 years of progressive professional roles involving information security, cyber security, business continuity & disaster recovery, IT operations management and/or major IT program management.
- Certificate holder of CISA or CISSP and/or CBCM preferred.
- Broad understanding of information security assurance, and cyber security technology & operations.
- Experience in any of the following security domains is an advantage: IT audit, cloud security, secure coding, network security, cyber security analytics, SIEM, forensics, ethical hacking and penetration testing.
- Team player with strong Microsoft Office skills (e.g. Excel, PPT, Doc.).
- Excellent written and verbal communication skills in Mandarin and English.
Function category: Other
Company profile
About Deloitte Global
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), and its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. Please see www.deloitte.com/cn/en/about for a detailed description of DTTL and its member firms.
Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries and territories, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte's more than 200,000 professionals are committed to becoming the standard of excellence.
About Deloitte in Greater China
We are one of the leading professional services providers with 22 offices in Beijing, Hong Kong, Shanghai, Taipei, Chengdu, Chongqing, Dalian, Guangzhou, Hangzhou, Harbin, Hsinchu, Jinan, Kaohsiung, Macau, Nanjing, Shenzhen, Suzhou, Taichung, Tainan, Tianjin, Wuhan and Xiamen in Greater China. We have nearly 13,500 people working on a collaborative basis to serve clients, subject to local applicable laws.
About Deloitte China
The Deloitte brand first came to China in 1917 when a Deloitte office was opened in Shanghai. Now the Deloitte China network of firms, backed by the global Deloitte network, delivers a full range of audit, tax, consulting and financial advisory services to local, multinational and growth enterprise clients in China. We have considerable experience in China and have been a significant contributor to the development of China's accounting standards, taxation system and local professional accountants.
Contact
- Email: sh@deloitte.com.cn