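IT Security Analyst - Compliance (Job ID: SHA0015F)
EY (Ernst & Young)
- Company size: more than 10,000 employees
- Company type: joint venture
- Industry: accounting/auditing
Job information
- Posted: 2019-05-11
- Location: Shanghai
- Openings: several
- Work experience: no work experience
- Education requirement: recruiting several people
- Language requirement: none
- Job category: other
Job description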
Successful organizations depend on their reputation for keeping promises, respecting laws and behaving ethically to maintain stakeholder trust. EY Forensic & Integrity Services professionals help organizations protect and restore enterprise and financial reputation. We assist companies and their legal counsel to investigate facts, resolve disputes and manage regulatory challenges. We put integrity at the heart of compliance programs to help better manage ethical and reputational risks.
We understand how organizations navigate complex environments; how pressures, attitudes and culture influence employee actions; and how to leverage data analytics to improve compliance and investigation outcomes. We are committed to making integrity the cornerstone of a better working world.
Key responsibilities:
· Planning and conducting information security reviews using relevant cyber security standards, such as ISO 27001, the NIST cybersecurity framework, CIS controls and PCI DSS.
· Assisting in developing and improving information security assessment program elements.
· Assisting in developing, improving and implementing information security standards and requirements to guide business partners and third parties in adhering to security requirements
· Identifying information security deficiencies or risks; providing escalation paths for information security issues, incidents and inquiries.
· Partnering with senior management in business, legal and compliance departments to ensure the security assessment program is in line with our corporate values, compliance programs, laws and regulations, and enabling the business to achieve its objectives
· Researching laws, regulations, and policies as they pertain to information security and providing advice and assistance to internal and external partners and affiliates.
· Identifying potential risk issues and recommending improvements or appropriate internal controls.
Qualifications, Education and Certification
To qualify, candidates must have:
· 2-3 years working experience in an information security, IT audit or IT risk management related role.
· CISA, CISM, CISSP, PCI QSA, ISO 27001 Lead Auditor or comparable certifications.
· Knowledge of IT Risk and Security governance frameworks such as ISO 27001, NIST cybersecurity framework, PCI, and HIPAA.
· Understanding of networking protocols and infrastructure designs; including routing, firewall functionality, host and network intrusion detection/prevention systems, encryption, load balancing, and other network protocols.
· Experience writing Perl, Python, or other scripting or programming languages is a plus.
· Experience with databases and knowledge of SQL is a plus.
· Understanding of risks in the banking / financial services sector is an added advantage.
· Excellent communication skills, analytical ability, strong judgment and leadership skills, and the ability to work effectively with clients and IT management and staff.
Function category: other
Company profile
Welcome to EY
At EY, our 175,000 professionals work together to deliver assurance, tax, transaction and consulting services. We are united by our shared values and an unwavering commitment to quality.
Working at EY
We are a global professional services organization that provides a broad array of assurance, tax, transactions and advisory services.
We are committed to doing our part in building a better working world for our people, for our clients and for our communities, and we are united by our shared values and a dedication to delivering exceptional client service.
Lifelong relationships at EY
We want you to gain more career value from your time spent with EY than you would from any other employer. This is why we work hard to build and sustain the kind of culture that provides a wide array of learning and development opportunities, gives you experience of working with a diverse group of colleagues and clients, and provides the chance to build lifelong relationships that will be valuable to you wherever your career takes you.
Whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.
Contact information
- Company address: 50/F, Shanghai World Financial Center, 100 Century Avenue, Pudong New Area, Shanghai (postal code: 200120)
- Phone: 15950111573