高级信息安全分析师I
联邦快递(中国)有限公司
- 公司规模:5000-10000人
- 公司性质:外资(欧美)
- 公司行业:交通/运输/物流
职位信息
- 发布日期:2024-02-01
- 工作地点:北京·朝阳区
- 工作经验:5-7年
- 学历要求:本科
- 职位月薪:1.3-1.8万·13薪
- 职位类别:网络信息安全工程师
职位描述
Job Title: Information Security Analyst-Senior I
Work Location:
CN (Guangzhou, Shanghai, Beijing)
FedEx Information Security (InfoSec) ensures the security of the enterprise systems and data, through business agility, system reliability, and information security controls to enable the business to deliver the Purple Promise. The Global InfoSec team strives to protect the enterprise from cyber threats, secure business operations, and ensure global regulatory compliance.
APAC (Asia Region) Information Technology (IT) InfoSec team is responsible for developing regional specific security patterns and secure Enterprise services that will be hosted locally to meet regulation requirements and liaise between the business, IT, and regulatory authorities to help both parties understand security nuances and compliance requirements. The team will also work with internal customers and the global InfoSec team to improve availability of infosec services for the AMEA region.
Job Descriptions:
The roles and responsibility have been described as follows:
Key Responsibilities
● Lead compliance implementation and tracking to meet regulatory / governance requirements.
● Work with International/AMEA/ InfoSec/Legal/IT to align on solutions & implementation to ensure FedEx's compliance to all laws and regulations and increase security posture.
● Provide information security leadership to ensure compliance to laws and regulations based on FedEx Data Security Committee’s guidelines.
● Develop, maintain, and improve security patterns specific to the AMEA region based on regulatory compliance requirements and business need in the technology ecosystem.
● Provide risk-based decision-making guidance to leadership team on both cyber security and regulatory issues.
● Reduce risk to FedEx business within region by implementing segmentation capabilities and business continuity plans.
● Assist in secure design and maintenance of operational systems including access and authorization, logging, intrusion prevention, vulnerability management and disaster recovery.
● Assist in driving effective and defensible security design for operational systems including firewall design, two factor authentication, role-based access, logging, and monitoring.
● Understand Data Protection Options including Data Loss Prevention and Encryption strategy for systems and applications.
● Understand regulatory compliance requirements and track implementation requirements.
● Lead Vulnerability Reporting and Remediation.
● Understand and roll out InfoSec standards globally and provide enforcement reporting to the business and leadership.
● Provide in depth knowledge of Network Security Design Principles, Segmentation and Vulnerability Management for Network Devices.
● Use knowledge of existing security posture and systems design to drive Security Incident Management scenarios.
● Provide support for Information Security FIRST process including advising and issue tracking remediation.
● Provide advice to business and IT to support the execution of the strategies, plans, and tasks developed by Data Security Committee.
Training and awareness
● Design, develop and roll out the information security and privacy elementary training module.
● Support the Global InfoSec to design, develop and roll out targeted awareness trainings for specific groups.
● Work with Internal Communication to prepare privacy newsletters and other awareness campaigns.
● Develop, with limited supervision, communication material to increase awareness.
This role is focused on delivery management, and therefore needs to be able to work at many levels. You will help the business to achieve compliance, data protection, and effective information management in accordance with the regulations including General Data Protection Regulation (GDPR), Cyber Security Law (CSL), Data Security Law (DSL), Personal Information Protection Law (PIPL), and other applicable data protection laws and regulations.
1. Geographic Remit – AMEA
2. May be required to perform other duties as assigned.
Requirement:
● Preferably Bachelor's degree or equivalent in Computer Science or related discipline
● Proficiency in English comprehension
● Proficiency in Mandarin comprehension
● Preferably with minimum 5 – 9 years of work experience especially in application support, cyber security, or regulatory compliance
● Preferably have Analytical Skills; Planning & Organizing Skills; Project Management Skills; Interpersonal Skills; Accuracy & Attention to Detail
● Preferably have practical knowledge in using ServiceNow Modules and Microsoft Office, particularly in Power BI, Power Automate
● Preferably have practical experience in implementing LEAN, AGILE and Design Thinking
● Preferably have practical experience in implementing Robotic Process Automation (RPA)
● Flexibility to work as part of larger team to accomplish organizational goals
● CISSP, CCSP, or other industry certifications preferred
● Prior experience with firewalls, Active Directory, Zero-Trust, Secure Service Edge, Public Cloud, and other related security infrastructure a plus
Work Location:
CN (Guangzhou, Shanghai, Beijing)
FedEx Information Security (InfoSec) ensures the security of the enterprise systems and data, through business agility, system reliability, and information security controls to enable the business to deliver the Purple Promise. The Global InfoSec team strives to protect the enterprise from cyber threats, secure business operations, and ensure global regulatory compliance.
APAC (Asia Region) Information Technology (IT) InfoSec team is responsible for developing regional specific security patterns and secure Enterprise services that will be hosted locally to meet regulation requirements and liaise between the business, IT, and regulatory authorities to help both parties understand security nuances and compliance requirements. The team will also work with internal customers and the global InfoSec team to improve availability of infosec services for the AMEA region.
Job Descriptions:
The roles and responsibility have been described as follows:
Key Responsibilities
● Lead compliance implementation and tracking to meet regulatory / governance requirements.
● Work with International/AMEA/ InfoSec/Legal/IT to align on solutions & implementation to ensure FedEx's compliance to all laws and regulations and increase security posture.
● Provide information security leadership to ensure compliance to laws and regulations based on FedEx Data Security Committee’s guidelines.
● Develop, maintain, and improve security patterns specific to the AMEA region based on regulatory compliance requirements and business need in the technology ecosystem.
● Provide risk-based decision-making guidance to leadership team on both cyber security and regulatory issues.
● Reduce risk to FedEx business within region by implementing segmentation capabilities and business continuity plans.
● Assist in secure design and maintenance of operational systems including access and authorization, logging, intrusion prevention, vulnerability management and disaster recovery.
● Assist in driving effective and defensible security design for operational systems including firewall design, two factor authentication, role-based access, logging, and monitoring.
● Understand Data Protection Options including Data Loss Prevention and Encryption strategy for systems and applications.
● Understand regulatory compliance requirements and track implementation requirements.
● Lead Vulnerability Reporting and Remediation.
● Understand and roll out InfoSec standards globally and provide enforcement reporting to the business and leadership.
● Provide in depth knowledge of Network Security Design Principles, Segmentation and Vulnerability Management for Network Devices.
● Use knowledge of existing security posture and systems design to drive Security Incident Management scenarios.
● Provide support for Information Security FIRST process including advising and issue tracking remediation.
● Provide advice to business and IT to support the execution of the strategies, plans, and tasks developed by Data Security Committee.
Training and awareness
● Design, develop and roll out the information security and privacy elementary training module.
● Support the Global InfoSec to design, develop and roll out targeted awareness trainings for specific groups.
● Work with Internal Communication to prepare privacy newsletters and other awareness campaigns.
● Develop, with limited supervision, communication material to increase awareness.
This role is focused on delivery management, and therefore needs to be able to work at many levels. You will help the business to achieve compliance, data protection, and effective information management in accordance with the regulations including General Data Protection Regulation (GDPR), Cyber Security Law (CSL), Data Security Law (DSL), Personal Information Protection Law (PIPL), and other applicable data protection laws and regulations.
1. Geographic Remit – AMEA
2. May be required to perform other duties as assigned.
Requirement:
● Preferably Bachelor's degree or equivalent in Computer Science or related discipline
● Proficiency in English comprehension
● Proficiency in Mandarin comprehension
● Preferably with minimum 5 – 9 years of work experience especially in application support, cyber security, or regulatory compliance
● Preferably have Analytical Skills; Planning & Organizing Skills; Project Management Skills; Interpersonal Skills; Accuracy & Attention to Detail
● Preferably have practical knowledge in using ServiceNow Modules and Microsoft Office, particularly in Power BI, Power Automate
● Preferably have practical experience in implementing LEAN, AGILE and Design Thinking
● Preferably have practical experience in implementing Robotic Process Automation (RPA)
● Flexibility to work as part of larger team to accomplish organizational goals
● CISSP, CCSP, or other industry certifications preferred
● Prior experience with firewalls, Active Directory, Zero-Trust, Secure Service Edge, Public Cloud, and other related security infrastructure a plus
公司介绍
FedEx Corp(纽约证交所股票代码:FDX)专为全球客户及企业提供全面的运输、电子贸易和商业服务。FedEx Corp.年营业收入达到580亿美元,旗下多家公司共同参与者竞争,并全部归于享誉市场的“联邦快递”品牌下统一管理,致力于提供综合业务应用方案。FedEx Corp.屡次获选为全球最受推崇和信赖的雇主,旗下40多万团队成员均以“绝对、正面”的态度,秉承最严格的安全、道德和专业标准,通过满足客户和社区需求。
联邦快递是全球最具规模的速递运输公司之一,致力于提供快捷可靠的速递服务,前往全球220多个国家及地区。联邦快递运用覆盖全球的航空和陆运网络,确保分秒必争的货件可于指定日期和时间前迅速送达,并且设有“准时送达保证”。
联邦快递( FedEx)是一家国际性速递集团,提供隔夜快递、地面快递、重型货物运送、文件复印及物流服务,总部设于美国田纳西州,隶属于美国联邦快递集团(FedEx Corp)。全美资企业。
2013年4月1日起,联邦快递中国有限公司实施GDS(全球分销系统)中国区全境覆盖计划,在武汉设立中国区公路转运中心,正式将武汉作为全国公路转运枢纽,承担武汉自西安、郑州、长沙、南昌、上海、重庆、成都、广州8条公路干线,16个往返班次的货物分拨与转运业务。
联邦快递是全球最具规模的速递运输公司之一,致力于提供快捷可靠的速递服务,前往全球220多个国家及地区。联邦快递运用覆盖全球的航空和陆运网络,确保分秒必争的货件可于指定日期和时间前迅速送达,并且设有“准时送达保证”。
联邦快递( FedEx)是一家国际性速递集团,提供隔夜快递、地面快递、重型货物运送、文件复印及物流服务,总部设于美国田纳西州,隶属于美国联邦快递集团(FedEx Corp)。全美资企业。
2013年4月1日起,联邦快递中国有限公司实施GDS(全球分销系统)中国区全境覆盖计划,在武汉设立中国区公路转运中心,正式将武汉作为全国公路转运枢纽,承担武汉自西安、郑州、长沙、南昌、上海、重庆、成都、广州8条公路干线,16个往返班次的货物分拨与转运业务。
联系方式
- Email:recruit@fedex.com
- 公司地址:武汉市汉口建设大道568号新世界国贸大厦I座 (邮编:430022)
- 电话:13971517230