宁波招聘

Responsibilities and tasks

1. Organizing the formulation of security management process and operation rules in accordance with needs of the department or its affiliated unit, and provide security guarantee for the business operation of the department or its affiliates;
2. Responsible for defining, creating and maintaining the documentation for certification and accreditation of each information system in accordance with government requirements, assessing the impacts on system modifications and technological advances.
3. Responsible for the work of the department or affiliated employees and third party personnel in accordance with the group’s security policy and procedures;
4. Responsible for timely transmitting the group information security requirements to the department or affiliated personnel;
5. Responsible for timely reporting of information security incidents, assisting relevant departments to conduct investigation, response and handling of security incidents;
6. Responsible for the information security awareness education and examination work of the department or affiliated employees and third party personnel ;
7. Cooperating with the implementation of the information security system construction of the department or its affiliates, complete the risk assessment and report the results, cooperate with the preparation and review of the ISMS documents, internal and external security inspections, tracking and rectification of non-conformities, validity measurement of ISMS, information asset management, etc;
8. Completing the work related to the information security audit of the department or affiliated unit in accordance with the requirements of the group information security supervision office:
9. plementation of specific audit work;
10. ggestions for improvement on audit results;
11. rticipate in audit initiation meetings and audit summary meetings;
12. porting the audit results and suggestions to the audit team leader.
13. span>
14. /span>）根据本部门或所属单位的需要，组织制定安全管理流程和操作细则，并为本部门或其附属机构的业务运作提供安全保障;
15. /span>）根据政府的要求，负责定义、创建和维护每个信息系统的认证和认证文件，评估对系统修改和技术进步的影响。
16. /span>）根据集团的安全政策和程序，负责本本公司下属员工和第三方人员的工作;
17. /span>）负责及时将集团信息安全要求传达给部门或相关人员;
18. /span>）负责信息安全事件的及时上报，协助相关部门做好安全事件的调查、响应和处理；;
19. /span>）负责本部门或所属单位员工及第三方人员的信息安全意识教育和考试工作;
20. 配合落实本部门或所属单位的信息安全体系建设工作，完成风险评估并将结果上报、配合ISMS文件编写及评审、内外部各项安全检查及不符合项的跟踪整改、ISMS有效性测量、信息资产管理等；;
21. /span>）根据集团信息安全监察办公室的要求，完成有关部门或附属单位的信息安全审计工作：
22. 审计工作的实施;
23. 审计结果的建议;
24. 审计启动会议和审计总结会议;
25. 计组长报告审计结果和建议。

Skill and Qualification Requirements

• Bachelor degree or above in computer or information security management, with more than 3 years of working experience in information security management
• Proficient in information security professional knowledge and skills, familiar with industry information security standards (such as ISO27001), laws and regulations, having rich experience in information security projects
• Familiar with the installation, operation and maintenance of mainstream information security products (such as enterprise antivirus and firewall); having experience in the construction and maintenance of large network security systems is preferred
• Those who have international certification certificates of security, network, system and database, such as CCNP, CCIE, CISP, CISSP, PMP, etc. are preferred
• Strong learning ability, good communication and coordination ability and good service awareness.
• Strong sense of responsibility, able to work under pressure, good team spirit and professional ethics
• Familiar with the principles and practices of common high-risk Web vulnerabilities (SQL injection, XSS, CSRF, WebShell, etc.), and it is preferred to actually submit overly risky vulnerabilities on each vulnerability submission platform;
• Familiar with penetration testing technology, and those who have certification qualifications in the security field such as CISP, ISO27001, CISSP and CISA are preferred
• Fully proficient in English both written and verbally

• 计算机或信息安全管理相关专业本科以上学历，3年以上信息安全管理工作经验
• 精通信息安全专业知识与技能，熟悉行业信息安全相关标准（如ISO27001）和法律法规，有丰富的信息安全项目实践经验
• 熟悉主流信息安全产品（如企业防病毒、防火墙）安装、运行和维护，有大型网络安全系统建设及维护经验者优先
• 有安全、网络、系统、数据库国际认证证书者，如CCNP、CCIE、CISP、CISSP、PMP等认证者优先考虑
• 学习能力强，具备较好的沟通协调能力和良好的服务意识
• 责任心强，能够承受较大工作压力，有良好的团队协作精神，具备良好的职业道德
• 熟悉常见Web高危漏洞（SQL注入、XSS、CSRF、WebShell等）原理及实践，在各漏洞提交平台实际提交过高风险漏洞优先；
• 熟悉渗透测试技术，有CISP、ISO27001、CISSP、CISA等安全领域认证资格者优先考虑

浙江吉利控股集团是中国汽车行业十强企业。1997年进入轿车领域以来，凭借灵活的经营机制和持续的自主创新，取得了快速的发展，现资产总值超过340亿元，连续八年进入中国企业500强,连续六年进入中国汽车行业十强，被评为首批国家“创新型企业”和“国家汽车整车出口基地企业”。
浙江吉利控股集团总部设在杭州，在浙江临海、宁波、路桥和上海、兰州、湘潭、济南等地建有汽车整车和动力总成制造基地，在澳大利亚拥有DSI自动变速器研发中心和生产厂，已形成年产60万辆整车、60万台发动机、60万台变速器的生产能力。
 秉承“快乐人生，吉利相伴”的核心价值理念，浙江吉利控股集团将继续走“人才与创新”的道路，发挥团队智慧，依靠全体员工，为中国汽车工业自主品牌的崛起，为实现“造最安全、最环保、最节能的好车，让吉利汽车走遍全世界”的美丽追求而奋斗！
网址：www.geely.com