上海招聘

职位描述：
The Infosec Manager is responsible for the secure delivery of our learning platforms and technical systems within several products, globally. Our digital learning platform is the foundation of our business around which all other products are built.

You will be required to conduct technical risk assessments in order to ensure that controls and compliance requirements are enforced across all projects, initiatives and operations within our digital and offline platforms. Additionally, this person will provide information security contributions to the strategy, budget, development, deployment, operation and maintenance of all systems, websites, software and hardware to support global and local business unit needs.

This is a critical responsibility and the solutions you implement should provide capabilities for today and have the flexibility to support future business objectives and goals. The Infosec Manager must have experience of working within highly complex and fast paced environments, and gained strong information security experience. Candidates must have a strong track record of performing technical risk assessments, and developing risk treatment plans, as well as a broad infosec technology and governance understanding. This is a technical, hands on role, and you will be implementing solutions, not just advising.

We will provide you with a series of challenging infosec projects together with the tools, environment and support needed to give you the best possible chance of succeeding. More than that, we will give you the opportunity to work within a culture that is energetic, passionate and innovative, working with some of the most impressive people in technology! Bring your passion, curiosity, and talent to our team and we will give you an environment full of challenges to flourish in.

Core Responsibilities Include
---Manage and lead internal and external resources to prevent, detect and mitigate Information Security risk to the business units and act as point of contact for matters relating to Information Security
---Identify, define and provide security requirements into new projects, services and carrying out third party security assessment on new vendors and suppliers to ensure compliance to the company standards and governance.
---Create documented security standards, processes and baselines, and participate in continuous improvement of Information Security maturity across the whole organization.
---Contribute to the creation and delivery of a security roadmap for the business units.
---Accountable for technical escalation for incidents, liaising with other departments/3rd party support partners as required, resolving issues within the defined Service Line
---Proactive management of security controls and countermeasures. Plan, develop, deploy, test and optimize the infrastructure systems and services, taking responsibility for security improvement projects
---Advise on changes to infrastructure systems or services in accordance with information security policies, best practice and any compliance requirements.
---Ensure that policies and procedures are followed.
---Provide security measurement (KPI’s, Metrics).
---Represent Information Security at internal meetings and external events.

Requirements
General
---Fluent in English - required
---Some Chinese preferred
---Ability to travel up to 20%
---Able to commit to living in Shanghai for a minimum of 3 years
---Experience working in a large and/or global matrix organization

Required Skills and Attributes
---Self-driven
---Excellent communication skills – clear, simple, apolitical
---Strong negotiation skills to influence cost and risk based decisions
---Cross-cultural project management or stakeholder management experience preferred
---Experience managing a budget (either project based or department based)
---Ability to articulate security advice directly to key stakeholders, including up to CIO or IT Directors level
---Ability to prioritize workload under pressure, to meet deadlines and manage multiple business unit’s project expectations
---Strong understanding of the business relevance of information risks and the current trends and developments in information security

Required Experience
---A BS or MS in information security or computer science is preferred
---Ideally CEH, CCP IA Architect, CISSP or similar information security qualifications
---At least 3 years’ experience of a technically focused security role
---Experience of all key security technologies (eg. Firewalls, IDS, IPS & Endpoint security controls)
---Experience in implementing security governance and compliance solutions (eg Data Privacy regulations, PCI, ISO27001) 举报 分享

关于英孚教育
英孚教育成立于1965年，是一家全球教育培训公司，以“教育，让世界无界”为企业使命。英孚在全球各地有诸多学校和办事处，并拥有优质在线英语学习基地Englishlive。英孚主要致力于语言培训、出国留学游学、学位课程和文化交流等项目。英孚教育致力于长足扎根中国市场，曾担任2008年北京奥运会语言培训服务提供商。自1988年以来，英孚已经支持服务六届奥运会，包括2018年平昌冬季奥运会和即将要举办的2020年东京奥运会。英孚还发布了全球英语熟练度报告（www.ef.com/epi）,该报告打破了地域限制，在全球范围内测试了不同国家成人的英语能力。
 
About EF Education First
Established in 1965 with a mission to open the world through education, EF Education First (EF) is an international education company which focuses on language, academics, and cultural experience. EF (www.ef.com) has hundreds of schools and offices worldwide and online English learning platform English Live . With long term commitment in China, EF has been selected as the official supplier of language training services for Beijing 2008 Olympics. Since 1988, EF has provided service to Olympic Games for six times, including the PyeongChang 2018 Winter Olympics and the upcoming Tokyo 2020 Olympics. Each year, EF publishes the English Proficiency Index (www.ef.com/epi) measuring the English ability of adults in countries across the world.