Information and Cyber Security Officer
韦莱保险经纪有限公司
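- Company size: more than 10,000 employees
- Company type: foreign-owned (Europe/US)
- Industry: Insurance
Job Information
- Posted: 2022-06-22
- Location: Shanghai, Pudong New Area
- Work experience: 8-9 years
- Education: Bachelor's degree
- Monthly salary: 30,000-40,000
- Job category: Network Security Engineer
Job Description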
About WTW
WTW (NASDAQ: WTW) is in the business of people, risk and capital. With roots dating to 1828, our company has over 45,000 colleagues serving more than 140 countries and markets. Our values – client focus, teamwork, integrity, respect and excellence – underlie all that we do, including how we behave and interact with each other. They are part of our WTW DNA.
The Role
This role will directly support the Global Information and Cyber Security (ICS) Group within WTW. Within this group you will use your skills and experience to support delivery of information and cyber security services such as, but not limited to, compliance, incident response, projects and consultancy within China and the Asia Pacific region. You will work closely with ICS subject matter experts, executive business management, Internal Audit, Compliance and risk functions, Privacy, Information Technology and other key internal stakeholders.
Critically, you must be an effective implementer of common controls across multi-regulated environments, abreast of relevant laws and regulations as they apply to Information and Cyber Security and IT related requirements, and familiar with different industry standards and best practices for Information and Cyber Security. You must also be an excellent communicator, a supportive team player, resourceful and adaptive to change.
The Responsibility
This role will support the delivery of the Information and Cyber Security Compliance function and will therefore include activities such as:
Regulatory and audit compliance
- Proactively maintain visibility and track relevant state and industry laws, regulations and national standards in China including administrative regions such as Hong Kong, Macau and Taiwan.
- Ascertain security and technology requirements from relevant regulations
- Map security and technology requirements against internal policies and controls
- Determine and maintain collaborative communication with control owners/operators.
- Conduct assessment of security and technology gaps
- Define reasonable and appropriate expected outcomes for the security and technology requirements identified
- Determine and/or devise appropriate action/remediation plans for identified gaps
- Provide support and expertise to the business and other corporate functions for relevant Requests for Information (RFI), questionnaires/surveys, and/or audits from the regulators where necessary
- Assist in the coordination or facilitation of relevant audit programs where necessary, e.g. ISO 27001, SOC2, etc.
Information and Cybersecurity Compliance and Control Program
- Assist in implementing various ICS Compliance programs and reporting
- Provide input and assist in shaping and improving the Information and Cyber Security Compliance and Control framework and processes
- Provide input into business strategy to ensure that information & cyber security is included as part of business change and security portfolio to meet segment needs.
- Build and maintain effective relationships with Segment and Technology stakeholders.
- Be the voice of Information and Cyber Security in the business and the voice of the business within Information and Cyber Security.
- Manage and oversee ad hoc projects related to enhancing information and data security controls for the business to meet compliance.
- Assess compliance with information security strategies when migrating applications into a cloud environment.
Cross-Functional Collaboration
- Coordinate with other compliance functions, such as Audit and Legal (Compliance and Privacy), to track compliance across the organization and pool expertise on vague or complex regulatory requirements.
- Work with business units to ensure controls are effective and appropriately address the relevant regulatory requirements.
- Assist in interfacing, attesting and demonstrating compliance with relevant authorities, regulators and auditors during compliance assessments and/or audits
- Support and liaise with other ICS functions such as client assurance, supplier risk, ICS Projects and security consultancy for China business entities.
The Requirement
Skills and experience required:
- Technical expertise and experience in implementing security controls
- Demonstrable experience in analyzing and applying regulatory requirements to security practices
- Familiarity with China’s IT, security and privacy related regulations such as the China Cyber Security Law, Multi-Level Protection Scheme, cross-border requirements and other associated national standards
- Familiarity with other Information Security and Data Privacy regulations in Asia Pacific and EMEA is preferred, such as but not limited to GDPR, FCA, various data privacy laws, data localization/cross-border regulations, cloud control requirements, etc.
- Familiarity with changes and trends in the regulatory landscape.
- Demonstrable ability to lead and execute across a range of businesses and functions with differing issues and interests.
- Sound knowledge of the implementation of and compliance with Information Security industry best practices and standards including, but not limited to, ISO 27001, ISF, Cobit, PCI-DSS, SOC1/2/3, etc.
- Strong Project Management skills and experience
- Excellent writing, presentation, and communication skills
- Experience with IT audit functions and IT controls is preferable
- Proven ability to work in a global collaborative group environment
- Experience of working with a high degree of autonomy, managing own workload and delivering to tight timescales
- Proven excellence in PPT presentations for reporting process metrics and delivering KPIs
- Excellent analytical problem-solving skills
- Knowledge of IT operations and/or system or network administration
- Experience of working in a regulated environment, not necessarily insurance or financial services, is preferable
- Knowledge of risk assessment processes, methodologies and frameworks such as IRAM, ISO 27005/31000
Behaviours:
- Strong desire to continue to learn
- Resourcefulness and organizational agility
- Global team player with good interpersonal and influencing skills
- Customer Focus/ Relationship Management
- Personal learning
- Organized and methodical
- Integrity and Trust
Qualifications:
- Qualified to degree level in an IT or security related subject.
- At least 7 years’ work experience in Information Security.
- Information security certifications (e.g. CISSP, CISA, CRISC, CISM) are preferable
- Project Management certification (e.g. PMP) is also preferable
- Fluency in both spoken Chinese and English is REQUIRED.
- Ability to speak another Asian non-English language (e.g. Japanese) is preferred.
Equal Opportunity Employer
Job function: Network Security Engineer
Contact Information
- Company address: 11/F, Tower 1, Century Link, 1198 Century Avenue, Pudong New Area, Shanghai (Postal code: 200122)
- Phone: 13917700621