Information Security Head
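State Street (美国道富)
- Company size: 1000-5000 employees
- Company type: Foreign-owned (Europe/US)
- Industry: Finance/Investment/Securities
Job Information
- Posted: 2020-09-29
- Location: Hangzhou
- Openings: 1
- Work experience: 8-9 years
- Education: Bachelor's degree
- Language: Proficient English
- Monthly salary: 30,000-40,000 per month
- Job category: Risk Management/Control, Risk Control
Job Description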
The Information Security Manager will drive compliance with CIS security controls in the business unit/region/country/functional area they represent. The ISO will serve as a trusted and influential information security advisor to senior-level business management in a large organization.
Why this role is important to us:
ISOs drive business unit compliance with security policies and information security supplemental requirements. ISOs support business units, business areas, or functional areas as determined by the business unit to which they report. ISOs coordinate and assist with issues, escalations and security recommendations from the business unit ISAs.
ISO roles and responsibilities are defined under five (5) domain areas: Information Security Program Support, Risk and Incident Management, Measurement, Communication and Education. The following details the objective and specific responsibilities for each domain.
What you will be responsible for:
Information Security Program Support
Objective: Support the development and management of the information security program within the business unit
Provide input and support the development and management of the information security program and strategy, playing a key role in information security program activities.
Review and communicate known information security control issues to business area management, and provide support through remediation
Oversee the work of the business unit Information Security Administrator(s) (ISA)
Risk and Incident Management
Objective: Support risk and incident management activities within the business unit
Provide information security risk review of lifecycle processes such as ASAP, ISRMP, TPRM, BCP, SDLC, Change and Project management
Participate in security incident response program representing the business area to detect and respond to incidents in a timely manner. Post incident, provide support to the business to identify control gaps.
Review and approve non-standard access for high risk access (e.g. blocked web sites, mass storage, application access, non-standard device and non-expiring passwords, process and system IDs)
Support business lines in developing responses to audit and regulatory inquiries about security controls
Participate in the onboarding of applications, including review and signoff of onboarding templates, per the SailPoint Application Integration Schedule
Support process and application owners in the remediation of identified business control failures (including CATS/audit issues).
Establish and agree on appropriate reporting with senior management to give a view of the state of information security throughout the business unit
Complete the quarterly ISO maturity assessment to provide a clear understanding of the maturity of the implementation of the ISO framework
Identify failed business controls and provide support on remediation to drive compliance with information security supplemental requirements
Create development plans for all information security administrators to ensure continual improvement
Communication and Education
Objective: Establish internal and external communication channels that support information security
Report significant changes in information security risk to appropriate level of management for acceptance on both a periodic and an event driven basis. Maintain up to date knowledge of evolving information security threat landscape and provide information security awareness, training and education to key stakeholders
Provide regular communication on threat intelligence relevant to the business unit, and issue guidance on supporting controls.
Demonstrate a commitment to information security by obtaining additional training and staying current with information security technologies and practices
Design and develop an interactive and engaging program for information security awareness and training, which is relevant to the business unit and encompasses the current threat landscape
Education & Preferred Qualifications:
Candidates should possess the following skills/experience:
Bachelor’s degree or equivalent
7 to 9 years of information security experience; financial services experience a plus
Business concepts including financial, business requirements, compliance and risk management
Strong analytical, communication, research and organizational skills
Strong computer skills including knowledge of word processing, spreadsheet, email and collaborative tools
Ability to manage multiple priorities while maintaining attention to detail
CISA, CISM, CRISC, CISSP, SSCP or similar certification a plus
Company Profile
What we do. State Street is one of the largest custodian banks, asset managers and asset intelligence companies in the world. From technology to product innovation we’re making our mark on the financial services industry. For more than two centuries, we’ve been helping our clients safeguard and steward the investments of millions of people. We provide investment servicing, data & analytics, investment research & trading and investment management to institutional clients.
Work, Live and Grow. We make all efforts to create a great work environment. Our benefits packages are competitive and comprehensive. Details vary in locations, but you may expect generous medical care, insurance and savings plans among other perks. You’ll have access to a flexible Work Program to help you match your needs. And our wealth of development programs and educational support will help you reach your full potential.
Inclusion, Diversity and Social Responsibility. We truly believe our employees’ diverse backgrounds, experiences and perspectives are a powerful contributor to creating an inclusive environment where everyone can thrive and reach their maximum potential while adding value to both our organization and our clients. We warmly welcome candidates of diverse origin, background, ability, age, sexual orientation, gender identity and personality. Another fundamental value at State Street is active engagement with our communities around the world, both as a partner and a leader. You will have tools to help balance your professional and personal life, paid volunteer days, a matching gift program and access to employee networks that help you stay connected to what matters to you.
State Street is an equal opportunity and affirmative action employer.
Contact Information
- Email: Chinarecruitment@statestreet.com
- Company address: Building C, Tiantang Software Park, 3 Xidoumen Road, Xihu District, Hangzhou