长沙招聘

职位描述：

About Risk Assurance
Business today is increasingly complex - from the way organisations are managed and structured, through increasing integration with business partners and service providers, to the ever greater levels of reliance placed on underlying information systems and business processes. In addition, new regulations - domestic and international - are placing a greater emphasis on the effectiveness of internal controls, and this often requires independent assurance. You will provide value-added insights that help to improve system and business control effectiveness across various organisations.

Job Responsibilities:

We are currently looking for individuals with strong information security technic, information technology risk background.
· providing technical assessment on client IT infrastructure and application systems, including vulnerability scanning, penetration testing(Web and Mobile), etc.；
· analysing complex client server systems and multi-platform infrastructure and application systems (including operating system, database, web server, firewall and router, electronic trading / banking systems, etc.) for information security purpose;
· designing, assessing technology risk and information security management framework, strategy, policies, standards, procedures, and may involve in implementing solutions such as Enterprise-wide Identity & Access Management (I&AM), Data Loss Prevention (DLP) and Security Information & Event Management (SIEM) solutions;
· flexible using professional technical and management methods to provide customized information technology security and IT risk consulting services, and
You will be expected to take a consultant's approach to the attest / assurance process of a client's operations utilising our practice methodology to assess our client's operations. You will be responsible for conveying pragmatic solutions to our client's complex business problems through the use of written reports and presentations. The opportunity will be available for you to develop your responsibility in supervising, coaching, developing and leading teams and individual team members.

Requirements:

· University degree majoring in information systems, computer science, engineering, statistics, and/or information management;
· Information security technical perspective:·Practical experience and working knowledge on popular technical security assessment tools, including but not limited to: Nessus, Nmap, Acunitrx, Burp Suite, SQLmap, Metasploit, Wireshark, Aircrack-ng, etc.
·Practical experience and woring knowledge in Web Penatration Test and Mobile Penatration Test (e.g., IOS, Android);
·Practical experience and working knowledge in Network Scan and infrastructure design review;
·Practical experience and working knowledge in code review;
· Information security management/operation perspective:·Practical experience and working knowledge in two or more of the following - IT auditing, information security management, IT / technology risk management, design and implementation of security solutions such as I&AM, DLP and SIEM;
·Familiar with security and control for technologies / enterprise applications: Unix, Windows, Firewall, Routers, Oracle and/ or evaluating and implementing information security management, IT service management and IT governance framework using ISO27001, ISO20000, ITIL and COBIT respectively;
· Strong fluency in information technology general controls concepts in the areas of systems development, change management, computer operations and access to programs and data; ability to identify and assess business process controls and linkage to IT systems;
· Professional qualifications, such as CISA, CISM, CISSP, CEH, CISP or other security related qualifications is a plus;
· Minimum of 4 years of security assessment / security design with a reputable professional / consulting firm or multi-national corporations; (Candidate with less years of experience will be considered for Senior Associate or Associate positions);
· Excellent communication skills in both oral and written English and Chinese; （ Candidate with excellent security technic and experience can be considered if he/she is not fluent in English）
· Flexible, self-starter possessing intellectual curiosity;
· Ability to interact with executive levels of client and firm management;
· Effective project management, interpersonal and influencing skills are essential; and
· Flexibility to travel to out-of-town engagements.

举报 分享

普华永道 - 中国內地、中国香港及中国澳门
普华永道中国內地、中国香港及中国澳门成员机构根据各地适用的法律协作运营。整体而言，员工总数超过17,000人，其中包括超过600名合伙人。
   
无论客户身在何处，普华永道均能提供所需的专业意见。我们实务经验丰富、高素质的专业团队能聆听各种意见，帮助客户解决业务问题，发掘并把握机遇。我们的行业专业化有助于就客户关注的领域共创解决方案。

我们分布于以下城市：北京、上海、香港、沈阳、天津、大连、济南、青岛、郑州、西安、南京、合肥、苏州、武汉、成都、杭州、宁波、重庆、长沙、昆明、厦门、广州、深圳、澳门、海口。