北京招聘

Define security strategy & action plans, apply, interpret and develop Information Security policy and standards

According to the requirements of the company's informatization development strategy, plan the company's information security development, and organize the implementation of the information security management system

Responsible for assisting in the formulation and updating of the company’s information security management system and conducting audits and audits on a regular or irregular basis.

Identify opportunities to improve the security posture of company by developing close relationships with the development and infrastructure operations teams

Lead and implement information security program including the action plan and scorecard from a technical perspective.

Provide advice, capability, governance, oversight and risk management to ensure that Information Security policy and standards are complied with for business processes and systems.

Refine processes and standards for the identification, risk assessment and remediation of vulnerabilities

Conduct security assessment for IT projects and/or IT vendors and ascertain the incorporation of appropriate security controls.

Ensure new IT vendors are compliant with all Company Information Security and Privacy requirements.

Provide support on security operation services

Responsible to security incidents and provide guidance and/or capability for Information Security issue resolution

Drive Compliance of company policy and ensure information confidential

Qualification:

Bachelor or above in Computer Science, IT Security, Information Technology, Information System with at least 5 years of relevant working experience in Information Security field.

Broad security knowledge across common industry security standards

Expert knowledge of local Data Privacy legislation and how this impacts business operations

Expert knowledge of IT Security controls and industry best practices in IT security

Broad knowledge of potential information risks for the country organization, its co-workers, customers and suppliers and how Information Security can mitigate these risks

Professional certifications from ISACA (CISA, CISM), (ISC)2 (CISSP), PMP, or SANS strongly preferred.

Strong analytical, interpersonal, communication, writing and presentation skills.

High level of proficiency with vulnerability management, including network, infrastructure and code level vulnerabilities

Demonstrable experience in the following: risk management, project management, and business process management, vendor and outsourced services management experience

Experienced skills relative to security and policy legalities