上海招聘

职位描述：
Synopsis:
The Information Security Manager, AWS & Infrastructure is responsible for the secure delivery of our business application platforms and AWS environment within several products, globally. Our business application platform is the foundation of our business around which all other products are built.

You will be required to conduct technical risk assessments to ensure that controls and compliance requirements are enforced across all projects, initiatives and operations within our online and offline platforms. Additionally, you will provide information security contributions to the strategy, budget, development, deployment, operation and maintenance of all systems, websites, software and hardware to support global and local business unit needs.

This is a critical responsibility and the solutions you implement should provide capabilities for today and have the flexibility to support future business objectives and goals. The Information Security Manager must have experience of working within highly complex and fast paced environments, and gained strong information security experience. Candidates must have a strong track record of performing technical risk assessments, and developing risk treatment plans, as well as a broad information security technology and governance understanding.

This is a technical, hands on role, and you will be implementing solutions, not just advising.

Key job responsibilities:
- Manage and Lead internal and external resources to prevent, detect and mitigate information security and compliance risk to the business units and act as point of contact for subjects relating to information security and compliance.
- Proactive involve and advise security requirements to existing or new application development projects and related business services.
- Develop, evaluate and maintain information security and compliance standards, process and baselines, and participate in continuous improvement of information security and compliance maturity across the whole organization.
- Contribute to the creation and delivery of a security roadmap for the business units.
- Accountable for technical escalation for security and compliance incidents, liaising with other internal teams and 3rd party support partners as required, resolving issues within the defined organizational framework and scopes.
- Proactive management of security controls and countermeasures. Plan, develop, deploy, test and optimize the AWS & infrastructure systems, or services in accordance with laws, regulatory, internal policies, industry best practices and any compliance requirements.
- Monitor and safeguard information security and compliance policies, processes, procedures are followed.
- Represent as the PIC of the organization Information Security at internal meetings and external events.
- Conduct training and educate key business users and groups to comply internal Information Security Polices and Compliance.

General Requirements:
- Fluent in English and Chinese is a must
- Experience working in a large and/or global matrix organization
- Experience working in software development or internet company is a big plus.
- Required skills and attributes
- Excellent communication skills – clear, simple, apolitical.
- Good negotiation skill to influence decision makes to balance between cost and risk.
- Ability to articulate security advice directly to key stakeholders, including up to CTO and IT Director level.
- Ability to prioritize workload under pressure, to meet timeline and manage multiple business units’ expectations.
- Strong understanding of the business relevance of information risks and the current trends and developments in information security and compliance.
- Experience in managing large scale project is a big plus.

Required Experience:
- At least 3 years’ experience of a technically focused security role.
- Experience of all key security technologies (e.g. Firewall, IDS, IPS and Endpoint security controls).
- Experience in implementing or participating information security management and compliance solutions (e.g. Data Privacy -Regulations, PCI, ISO27001, etc.)
- Experience in supporting Ex/Internal audit, and organize internal control review for information security & compliance related subjects.
- Experience in managing information security and compliance in cloud computing environment is a big plus (AWS is preferred).
- ITIL (foundation or above) certified is a big plus.
- Deep knowledge in Windows and/or Linux, or database is a big plus.
- CCNA or CCNP certified is a big plus.
- CEH, CCP IA Architect, CISSP or similar information security certified is a big plus.

关于英孚教育
英孚教育成立于1965年，是一家全球教育培训公司，以“教育，让世界无界”为企业使命。英孚在全球各地有诸多学校和办事处，并拥有优质在线英语学习基地Englishlive。英孚主要致力于语言培训、出国留学游学、学位课程和文化交流等项目。英孚教育致力于长足扎根中国市场，曾担任2008年北京奥运会语言培训服务提供商。自1988年以来，英孚已经支持服务六届奥运会，包括2018年平昌冬季奥运会和即将要举办的2020年东京奥运会。英孚还发布了全球英语熟练度报告（www.ef.com/epi）,该报告打破了地域限制，在全球范围内测试了不同国家成人的英语能力。
 
About EF Education First
Established in 1965 with a mission to open the world through education, EF Education First (EF) is an international education company which focuses on language, academics, and cultural experience. EF (www.ef.com) has hundreds of schools and offices worldwide and online English learning platform English Live . With long term commitment in China, EF has been selected as the official supplier of language training services for Beijing 2008 Olympics. Since 1988, EF has provided service to Olympic Games for six times, including the PyeongChang 2018 Winter Olympics and the upcoming Tokyo 2020 Olympics. Each year, EF publishes the English Proficiency Index (www.ef.com/epi) measuring the English ability of adults in countries across the world.