Sr Manager - Information Security Governance
阿迪达斯体育(中国)有限公司上海分公司 (adidas Sports (China) Co., Ltd., Shanghai Branch)
- Company size: 150-500 employees
- Company type: foreign-invested (Europe/US)
- Industry: wholesale/retail
Job Information
- Posted: 2019-01-30
- Location: Shanghai - Xuhui District
- Openings: 1
- Experience: 5-7 years
- Education: Bachelor's degree
- Monthly salary: RMB 27,000-37,000 per month (2.7-3.7万/月)
- Job category: IT Manager/Supervisor; Project Manager
Job Description
Purpose
· Information Security Governance refers to our company's coordinated strategy for managing the broad issues of corporate governance, enterprise risk management and corporate compliance with regard to regulatory, internal and external requirements.
· Together with your team, you are responsible for governing the effective and cost-efficient mitigation or remediation of risks that can hinder our organization's operations or our ability to remain competitive in the market. You also ensure our company's conformance with regulatory and internal requirements for IT operations and other IT/business practices.
Key Accountabilities
Information Security Management System (ISMS)
· Responsible for ISMS program (based on the ISO/IEC 27000 series standards) execution in defined scopes, with management reporting.
· Manages cyber security risk assessments within the ISMS and supports control selection activities for any service/project/asset.
· Identifies new threats/vulnerabilities and reports them to relevant stakeholders in relation to information security risk.
· Ensures an effective, cross-functional risk remediation process to increase maturity.
· Contribute to information security awareness, training and educational activities.
Security Compliance Program Management
· Proactively identify security gaps and support business/IT stakeholders on their demands
· Contribute to the creation of a business case that outlines a recovery compliance strategy including implementation plan, resources needed, budget and life cycle management.
· Develop a project charter and manage the assigned projects end-to-end to successful delivery, ideally by applying the RAP methodology effectively. Manage the execution and completion of the defined project plan by effectively coordinating people and resources.
· Monitor the project variables (cost, effort, scope, etc.) against the project plan and implement corrective or preventive actions.
· Ensure regular status reporting is presented to project stakeholders and to your manager. Take ownership of highlighting any project obstacles and offering solutions for corrective action. Follow up and drive issue resolution with project stakeholders.
Services and Governance
1. IT Policy & Standard Management
· Responsible for creating individual IT policy and standard rules within IT Compliance programs, ensuring that legal, contractual and internal rules and regulations are met. Perform quality assurance with IT stakeholders and develop the review and approval material for senior management.
· Create awareness information and training material and provide regular update sessions with Markets and HQ. Ensure existing documents are up to date and centrally available.
2. IT Governance Framework
· Establish a framework for the respective service (e.g. PCI, ITSCM etc.), that outlines the scope, process, roles & responsibilities, lifecycle management, training material and a communication strategy.
· Create specific process documents, including all necessary end-to-end workflows, and ensure successful process implementation and lifecycle management across the organization.
3. IT Assessment Management
· Manage assigned assessments by identifying non-compliant areas and topics for company-critical assets: IT systems, applications and processes.
· Enter the identified IT/SCM risks and topics into the global audit and assessment database and/or security-specific findings into the ISMS.
· Consult, track and follow up with issue owners to ensure they become compliant and that risks are mitigated or remediated.
4. Service Demand Management
· Manage the assigned tasks within the demand management process of Information Security Governance. This includes cross-functional alignment within Information Security and with stakeholders and requestors.
5. Contract Support (Information Security)
· Create the third-party vendor contract annexes for Information Security for Global Procurement and IT Supplier Management.
External Financial Audit (IT)
· Support the Global IT SPOC for the yearly external financial audit. Coordinate the field work audit plan, organize the field work kick-off between IT Champs and the external auditors, challenge the audit field work results and align content with the external auditors.
Risk Acceptance
· Support the risk acceptance process activities. Evaluate the individual risk components, compensation controls and remediation activities.
If required: People Management
· Build the appropriate structure to manage the respective organization effectively, identify and develop future talent, and create realistic succession scenarios for key positions.
· Ensure appropriate leadership skills are present at every level by creating a motivational and supportive work environment in which employees are coached, trained and provided with career opportunities through development.
· Allocate the different projects/programs and work streams to the respective teams and employees, considering experience, project complexity, workload and organizational efficiency.
Knowledge, Capabilities and Experience
· Pro-active mindset, ability to think end-to-end
· Ability to identify problems, collect data, establish facts and draw valid conclusions
· Ability to coach, guide and manage a (project/service) team
· Strong communication (both written and verbal) and facilitation skills (small and large groups), especially when interacting with different levels of business
· Ability to travel, domestic or international
· Fluent English (verbal and written)
· Strong experience with security standards work, such as ISO 2700x, ISO 27031/BS 25999, PCI DSS, COBIT, COSO, OWASP, HIPAA, etc.
· Industry-recognized certification (ISO 27001 Lead Auditor, CISA, CGEIT, CRISC, etc.)
· Ideally certified as ISO 27001 Lead Auditor, CISA, CISM or TISP
Qualifications
1. Four-year college or university degree with focus on Information Security or related areas, or equivalent combination of education and experience
2. 6+ years of progressive work experience in the field of IT Compliance, Security and Governance
3. If required: 1-3 years of experience managing a team
Company Introduction
adidas China was founded in 1997 and is headquartered in Shanghai, one of adidas' six key cities across the globe. With a population of 24 million, Shanghai is the largest city in China – and the eighth largest in the world. It is the country's most important center for culture, commerce and industry. Sometimes referred to as the "Paris of the East," Shanghai prides itself on being a fashion capital as well.
Shanghai is also the headquarters of the adidas Asia-Pacific market, which is crucial to achieving the brand's mission to be the best sports company in the world.
Contact
- Company address: 国贸汇1期 (Guomao Hui Phase 1)