东莞招聘

Job summary

The (Senior) Information Security Engineer is responsible for enhancing the security of the company’s IT infrastructure and its information by working together with internal IT and IS teams. In the long term, this position would be heavily involved with Dezan Shira’s external clients for providing IT security advisory services as well, once the internal information security situation has reached a high enough standard. Consistent customer care, quality standards, strong communication skill, and reporting requirements are core competencies for the position. Ability to quickly adapt to changing priorities and fluctuations in workflow are also requirements of the Information Security Engineer role.

Principal Responsibilities: (Essential Function)

• Security Management
• Auditing IT security level of all global offices and managing the information security threats associated with the operational environment
• Reviewing existing IT infrastructure, locating weaknesses and developing improvement plans
• Coordinating internal IT / IS team to implement security enhancement and mitigating security risk
• Setting up and monitoring network and system baseline
• Reviewing data backup strategy and plan, providing suggestions for improvement
• Investigating, coordinating and addressing information security incidents
• Performing penetration tests and forensic analysis

• Risk Management
• Communicating with senior management and other stake holders to understand the business solution, and creating risk management plans accordingly
• Developing & reviewing Business Continuity Plan and Disaster Recovery Plan

• Security Policy, procedure, guide
• Creating security management systems via the analysis of business operations
• Developing and carrying out security policies, procedures, and guides
• Helping operation team to better comply with related security law & regulations, like Cyber Security Law of China or General Data Protection Regulation of EU
• Reviewing and improving existing security control documents

• ISO27001
• Deeply involved in ISO27001 project to allow the company (or specific office) to be certified

• Security awareness
• Conducting and implementing information security awareness campaigns to all staff
• Arranging the security related training to internal IT / IS team

• Compliance
• Tracking compliance to laws and regulations in IT field
• Coordinating with legal and operational teams to identify compliance gaps and perform improvement actions

• Client service
• Providing IT security related advisory and implementation service to our clients
• Performing IT Audit by coordinating with Audit team when needed

• Other tasks
• Occasionally providing IT support to local office staff as a backup role when local IT support team is temporarily not available.

Job Requirements

Skills

• Good knowledge of IT domains such as networking, operation system, system software, infrastructure, and their common vulnerabilities
• Hands-on experience with common security tools, system hardening, website protection, and a certain level of scripting / programming skill
• Good working knowledge about IT security standards like ISO27001 / PCI-DSS / COBIT…etc., and common law & regulation in IT field, like GDPR, CSL, MLPS, and their impact on business operation
• Knowledge and experience on cloud security / mobile security / ERP system / SQL database / IT audit will be a plus
• Good verbal and written communication skills, must be able to use English as working language
• Problem solving skills, organizational skills, and the ability to exercise sound judgment in any customer service scenario
• The selected candidate must be good team player with self-motivation and have the ability to work independently with minimal direction
• Willingness to travel and work beyond office hours in case of any urgent and important incidents

Education

• Bachelor in IT or related discipline
• CISSP / CISA /ISO27001 /Microsoft 365 or Azure certification will be a plus

Experience

• 3-5 years of experience in IT, with at least 2 years focus on information security
• Working experience in multi-national company will be a plus

Dezan Shira & Associates are a specialist foreign direct investment practice, providing legal, audit and tax services to multinationals investing in China, China Hong Kong, India & Vietnam.
Established in 1992, we are a leading Asia Regional practice with sixteen offices in these jurisdictions, employing almost 300 legal, accounting and audit professionals.

The advantages of working for us

Hectic but friendly and nourishing working environment where one’s ambitions and potential can grow and develop
Career advancement potential open to all levels
Possibilities to relocate to different offices
Being part of a successful and well known fast developing consulting firm in Asia

Additional background information on Dezan Shira & Associates can be found at ****************

We shall offer competitive packages to the right candidate and terrific career advancement opportunities.

Contact information
Interested candidates should send Chinese and English CV, expected salary to fanny.liu@dezshira.com