Manager, GIS-Risk Management
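Johnson Controls (China) Investment Co., Ltd.
- Company size: 5000-10000 employees
- Company type: Foreign-owned (Europe/US)
- Industry: Construction/Building Materials/Engineering
Job Information
- Posted: 2016-11-28
- Location: Shanghai, Changning District
- Openings: 1
- Work experience: more than 10 years
- Education: Bachelor's degree
- Job category: Network/Information Security Engineer
Job Description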
Reports to: Director IT Security APAC, Global IT Security
Business Unit: BE
Location: Shanghai
Subordinates: N/A
Primary Purpose:
The Johnson Controls Global Information Security (GIS) team is undergoing a transformation and expansion as Johnson Controls increases its cybersecurity resources and capabilities in order to address the increasing cybersecurity threat landscape.
The Information Security Governance, Risk Management & Compliance (GRC) Manager reports to the APAC Information Security Director and is responsible for G/R/C initiatives and related services in APAC, while physically based in Shanghai. The primary responsibilities of this position include, but are not limited to, creating and executing an APAC IT security strategy that aligns with and complements the global security strategy to better support the APAC growth strategy, and acting as a bridge that builds strong relationships with the core teams of APAC business units' IT leaders and with other core functional departments when necessary. This role needs to interact with IT and business stakeholders to understand risks to critical infrastructure and applications by defining potential business impact, with the responsibility to apply effective mitigation strategies through vulnerability management.
Responsibilities:
- Maintain the strategic road map for APAC IT security and measure program effectiveness;
- Lead security governance, risk management and compliance initiatives, and ensure that JCI security policies and guidelines are implemented and complemented by local security instructions;
- Create a "security culture" and security awareness among all employees in the organization.
- Maintain and facilitate the security policy implementation in APAC region.
- Establish and maintain relationships with stakeholders including regional IT leadership team, global IT leadership;
- Work with regional IT teams to encourage a security mindset throughout the business process, from concept through implementation to operations;
- Maintain documentation of the IT Risk program and any exceptions for APAC regulatory compliance wherever needed;
- Identify and remediate critical risks residing in IT and business processes, and feed them into the risk register repository;
- Assist in due diligence processes to perform risk assessments of JV, vendors and partners, when requested;
- Build and maintain security metrics that relate to all functions within GIS across APAC.
- Manage business unit and joint venture relationships relating to additional security services as required (e.g., risk assessment);
- Document results of security risk assessment and formally present to internal clients;
- Report to Global Information Security management concerning residual risks, vulnerabilities and other security exposures, including misuse of information assets and noncompliance;
- Understand current regulatory environment and related implications to security management compliance;
- Develop security processes and procedures and supporting service-level agreements (SLAs) to ensure that security controls are managed and maintained;
- Participate in security investigations and compliance reviews as requested by internal or external auditors;
- Research and assess new threats and security alerts and recommend remedial action;
- Build and maintain effective communications between GIS Global, GIS APAC and APAC stakeholders.
Requirements:
- Attitude is a critical criterion that comes before any other professional capability: the ability to analyze the situation and proactively lead a team to achieve the desired result.
- The successful candidate will be a passionate information security professional capable of leading a Governance, Risk Management, and Compliance function with the ability to communicate to different business and IT leaders including the Chief Information Security Officer (CISO) and Chief Information Officer (CIO). The candidate will demonstrate drive, intelligence, maturity, and energy and will be a proven change leader. Given the emphasis on talent development, the candidate will also have a passion for managing and developing people.
- The candidate will possess a high degree of business acumen and must have a “real world” perspective in order to effectively interact with the leaders in the Business Units.
- The candidate must possess the following experience, skills and competencies:
- At minimum, a bachelor's degree in a business, engineering or computer science discipline; an advanced degree, e.g. an MBA, would be a plus;
- 10 years of technology experience in the Information Security and IT Security areas;
- One or more current information security related certifications (CISSP, CISA, CISM, GIAC, etc.) required;
- Demonstrated experience with IT Governance, Risk Management, and Compliance;
- Knowledge of information security related frameworks;
- Analytical thinking with the ability to correlate and process various types of information and data;
- Security accreditation from a globally recognized security institution and membership in good standing of a recognized security organization;
- Experience with open source and/or commercial security management tools;
- Experience in the definition and implementation of strategic information security plans;
- 4+ years of proven experience in working with global teams in large organizations and leading a regional team, preferably in a Fortune 500 organization;
- Team member with good communication skills and the ability to communicate to technical and non-technical audiences at different seniority levels;
- Ability to create and maintain good business relationships with counterparts, customers and external entities to achieve the security incident management goals;
- Ability to maintain a high level of discretion and personal integrity in the exercise of duties, including the ability to professionally address confidential matters;
- Strong experience in making risk-based decisions;
- Ability to translate business requirements and priorities into security architecture standards
- Strong team skills and ability to listen and build consensus and collaborate with business, IT and security groups;
- Strong communication and presentation skills;
- Ability to translate security concepts into business language and present to audiences of varied technical skill levels;
- Demonstrated ability to multi-task and respond rapidly to breaking or emergent situations
- Language skills (fluent English and fluent Chinese are a must)
- International Work Experience or work in F500 MNC.
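Job function: Network/Information Security Engineer
Company Profile
At Johnson Controls, we are committed to improving the environments where people live, work, learn and play. Johnson Controls is committed to sustainability, and the company has pledged to achieve net zero carbon emissions by 2040. As a global leader in smart, healthy and sustainable buildings, we draw on more than 135 years of innovation and use the comprehensive digital solution OpenBlue, together with a complete portfolio of building technology products and solutions, to deliver the blueprint for sustainability in healthcare, education, data centers, airports, stadiums, manufacturing and many other sectors. Johnson Controls has 100,000 professional employees in more than 150 countries and owns a number of trusted brands in the industry.
APAC Overview
Through an extensive business network and footprint, Johnson Controls is committed to providing customers in the region with a full range of excellent service:
29 manufacturing plants
10 R&D sites
More than 260 branch offices
More than 28000 employees
*The figures above include Johnson Controls and Johnson Controls-Hitachi Air Conditioning
In China, the company has:
More than 9000 employees
9 manufacturing plants
3 R&D sites
More than 40 offices
More than 100 sales support locations
Our Values
Integrity First
We promise honesty and transparency. We uphold *** standards of integrity and honor the commitments we make.
Customer First
We succeed only when our customers succeed. The unique insight and strength that come from long-term strategic partnerships enable us to create exceptional customer experiences and solutions.
Purpose Led
We firmly believe in doing well by doing good, and we take responsibility: through the solutions we provide, our contribution to society, the way we do business, and our commitment to protecting people and the environment, we make the world a better place.
Future Focused
Our culture of innovation and continuous improvement drives us to solve today's challenges while constantly asking "what's next".
One Team
We are one team, dedicated to working together to create efficient, practical solutions that move the world forward.
Contact Information
- Email: club@51job.com
- Company address: Johnson Controls, 518 Fuquan North Road, Shanghai (postal code: 200051)
- Phone: 15029250484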