长沙招聘

Responsibilities：

We are currently looking for individuals with strong information security technic, information technology risk background.

• Providing technical assessment on client IT infrastructure and application systems, including vulnerability scanning, penetration testing(Web and Mobile), etc.；
• Analyzing complex client server systems and multi-platform infrastructure and application systems (including operating system, database, web server, firewall and router, electronic trading / banking systems, etc.) for information security purpose;
• Designing, assessing technology risk and information security management framework, strategy, policies, standards, procedures, and may involve in implementing solutions such as Enterprise-wide Identity & Access Management (I&AM), Data Loss Prevention (DLP) and Security Information & Event Management (SIEM) solutions;
• Flexible using professional technical and management methods to provide customized information technology security and IT risk consulting services.
• You will be expected to take a consultant's approach to the attest / assurance process of a client's operations utilizing our practice methodology to assess our client's operations. You will be responsible for conveying pragmatic solutions to our client's complex business problems through the use of written reports and presentations. The opportunity will be available for you to develop your responsibility in supervising, coaching, developing and leading teams and individual team members.

我们正在招聘在信息安全技术及信息技术风险管理这两个领域具有丰富经验的人士，具体职责包括：

• 为客户提供有关其IT基础设施和应用系统的技术评估，包括：漏洞扫描，Web及Mobile渗透测试等；
• 基于信息安全的目的而出发，来分析复杂的客户端服务器系统和多平台的基础设施和应用系统（包括操作系统，数据库，网络服务器，防火墙和路由器，电子交易/银行系统等）；
• 设计，评估，实施基于风险的IT技术架构与信息安全架构，策略，制度、标准及流程等，并可能参与实施企业信息安全关键组件或者系统，譬如企业级身份验证系统（I&AM），数据泄露保护解决方案（DLP），安全事件管理系统（SIEM）等；
• 灵活运用信息安全专业技术与信息安全管理体系的相关方法为客户提供定制化的信息安全与IT风险技术咨询服务；
• 将需要采取咨询的流程来利用我们的实践方法论，从而为客户进行鉴证/保证类型的工作，以评估客户的业务流程或者信息安全体系。您将负责通过采用书面报告和演示文稿展示针对我们的客户的复杂的业务问题的可行的解决方案。您需要承担监督，指导和领导团队和团队成员的责任。

Requirements：

• University degree majoring in information systems, computer science, engineering, statistics, and/or information management;
• Information security technical perspective:
• Practical experience and working knowledge on popular technical security assessment tools, including but not limited to: Nessus, Nmap, Acunitrx, Burp Suite, SQLmap, Metasploit, Wireshark, Aircrack-ng, etc.
• Practical experience and working knowledge in Web Penetration Test and Mobile Penetration Test (e.g., IOS, Android);
• Practical experience and working knowledge in Network Scan and infrastructure design review;
• Practical experience and working knowledge in code review;
• Information security management/operation perspective:
• Practical experience and working knowledge in two or more of the following - IT auditing, information security management, IT / technology risk management, design and implementation of security solutions such as I&AM, DLP and SIEM;
• Familiar with security and control for technologies / enterprise applications: Unix, Windows, Firewall, Routers, Oracle and/ or evaluating and implementing information security management, IT service management and IT governance framework using ISO27001, ISO20000, ITIL and COBIT respectively;
• Strong fluency in information technology general controls concepts in the areas of systems development, change management, computer operations and access to programs and data; ability to identify and assess business process controls and linkage to IT systems;
• Professional qualifications, such as CISA, CISM, CISSP, CEH, CISP or other security related qualifications is a plus;
• Minimum of2 years of security assessment / security design with a reputable professional / consulting firm or multi-national corporations;
• Excellent communication skills in both oral and written English and Chinese; （ Candidate with excellent security technic and experience can be considered if he/she is not fluent in English）
• Flexible, self-starter possessing intellectual curiosity;
• Ability to interact with executive levels of client and firm management;
• Effective project management, interpersonal and influencing skills are essential; and
• Flexibility to travel to out-of-town engagements.

• 候选人为本科及本科以上学历，信息系统，计算机科学，工程，统计学，和/或信息管理专业;
• 信息安全技术角度、领域的要求：
• 具有流行安全评估工具的实际工作经验，包括: Nessus, Nmap, Acunitrx, Burp Suite, SQLmap, Metasploit, Wireshark, Aircrack-ng等.
• 具有Web渗透测试以及Mobile渗透测试(e.g., IOS, Android)的实操经验;
• 具有网络扫描及基础架构设计审阅的实操经验;
• 具有代码扫描的实操经验;
• 信息安全管理体系、信息安全运行体系角度、领域的要求：
• 具有以下两个或多个领域的实际工作经验：信息安全管理，IT/系统风险管理，安全解决方案的设计和实施，例如：身份验证系统（I&AM），数据防泄漏保护（DLP），安全事件管理（SIEM），网络和系统渗透测试，应用安全测试和代码评估；
• 熟悉各类技术/企业应用程序的安全和控制：UNIX，Windows和防火墙，路由器，SAP，Oracle，和/或使用ISO27001，ISO20000，ITIL和COBIT治理框架来评估和实施信息安全管理，IT服务管理；
• 熟悉信息技术一般控制概念，包括系统开发，变更管理，计算机操作和程序和数据访问领域；能够识别和评估业务流程控制和IT系统接口关系；
• 专业信息安全相关认证，如CISA，CISM，CISSP，CEH，CISP或其他安全相关的资格会是一项加分项；
• 最少2年安全评估/安全设计，知名专业/咨询公司或跨国公司工作经验;
• 优秀的英语和中文的口头和书面沟通能力（如申请人在信息安全技术领域的经验及技术较为出众，可以降低他/她在英语方面的能力要求）;
• 工作灵活主动，具有求知欲;
• 具备与客户高层沟通的能力
• 具有良好的项目管理能力
• 可以适应出差

普华永道 - 中国內地、中国香港及中国澳门
普华永道中国內地、中国香港及中国澳门成员机构根据各地适用的法律协作运营。整体而言，员工总数超过17,000人，其中包括超过600名合伙人。
   
无论客户身在何处，普华永道均能提供所需的专业意见。我们实务经验丰富、高素质的专业团队能聆听各种意见，帮助客户解决业务问题，发掘并把握机遇。我们的行业专业化有助于就客户关注的领域共创解决方案。

我们分布于以下城市：北京、上海、香港、沈阳、天津、大连、济南、青岛、郑州、西安、南京、合肥、苏州、武汉、成都、杭州、宁波、重庆、长沙、昆明、厦门、广州、深圳、澳门、海口。