Information Security Manager信息安全经理
上海任仕达人才服务有限公司
- 公司规模:150-500人
- 公司性质:外资(欧美)
- 公司行业:专业服务(咨询、人力资源、财会)
职位信息
- 发布日期:2012-08-17
- 工作地点:上海
- 招聘人数:1
- 工作经验:三年以上
- 学历要求:大专
- 职位类别:技术总监/经理 网络信息安全工程师
职位描述
POSITION SUMMARY:
The Information Security Manager (ISM) falls into the classification of Technology Manager, IST. As this classification would suggest, the ISM functions in both a managerial and a technical role. First, as manager of the Information Security Team, the ISM is responsible for setting technical direction for and delegating tasks to other team members. Second, the ISM is responsible for conducting regular risk assessments, communicating risks to management, developing and maintaining information security policies, standards, and procedures, maintaining compliance with various regulations, and monitoring for compliance.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
The ISM is responsible for all of the following, either personally or through delegation to team members:
1. Center of Excellence Responsibilities
§ Provide training on information security policies, standards and procedures to COE resources
§ Assist COE resources in monitoring for and resolving security vulnerabilities
§ Provide oversight on the effectiveness of security controls implemented in COE regions
§ Include risks from all markets in communication to management to provide a global security picture
2. Firewall Responsibilities
§ Manage team of engineers responsible for firewall operations
§ Periodically review firewall rulebases
§ Level 2 support for firewalls (network team is first level)
3. Intrusion Detection and Prevention Responsibilities
§ Develop and implement enterprise intrusion detection strategy
§ Manage team of engineers responsible for operation of IDS systems
§ Backup to Security Engineer on IDS issues
4. Security Auditing Responsibilities
§ Conduct vulnerability scans, communicate results to appropriate groups, and act on results
§ Facilitate and respond to audits by other groups (internal and external)
§ Perform manual audits in various areas
§ Perform continual risk analysis and communicate risk to management
§ Monitor for security policy compliance
5. Remote Access Responsibilities
§ Enforce enterprise remote access policy and strategy
§ Manage and support corporate two-factor authentication solution for remote access
6. Documentation Responsibilities
§ Work with Director of Information Security to develop, publish, & review security policies, procedures, and standards
7. Consulting & Projects Responsibilities
§ Assist various groups in formulating responses to vulnerabilities uncovered through auditing
§ Provide consulting to various groups on security issues
§ Participate in projects impacting security
8. Virus Prevention Responsibilities
§ Manage vendor relationship with virus protection vendors
§ Work with Director of Information security to develop enterprise virus protection strategy and ensure compliance with it
§ Communicate to all users when virus threats warrant
§ Work with server and desktop teams on configuration of virus protection software
§ Respond to virus threats/incidents
9. Security Research Responsibilities
§ Subscribe to alert services/Read security web sites/Read trade magazines
§ Stay abreast of latest security technologies and set strategy for future direction
§ Manage vendor relationships with current and prospective security vendors
§ Stay current on security issues through formal training
§ At least monthly (more frequently when warranted), produce recommendation on patches that resolve security vulnerabilities
10. Security Awareness Responsibilities
§ Regularly communicate security issues to management
§ Send regular security updates
§ Maintain INFOSEC web site
11. Incident Response Responsibilities
§ Form emergency response plan involving appropriate teams
§ Participate in disaster recovery planning
§ Test effectiveness of incident response plan
12. Internet Access Responsibilities
§ Provide support of proxy server for issues escalated from infrastructure team
§ Maintain web filtering software configuration to satisfy both information security and human resources requirements
13. Authentication Responsibilities
§ Ensure access to all corporate information has proper authentication
§ Support ACE/Server, SecurID issues
§ Ensure all remote access to corporate information uses two-factor authentication
KNOWLEDGE, SKILLS, AND ABILITIES:
1. Job requires a college degree (master's degree preferred) plus 5+ years of IT experience, including 3+ years of information security management experience in a large, Internet-based environment.
2. Certified Information Systems Security Professional (CISSP) certification is strongly preferred. Certified Information Security Manager (CISM) certification is preferred.
3. Proficiency with and experience in managing firewalls, intrusion detection systems, virus protection systems, authentication systems, and security auditing tools is preferred.
4. Working knowledge of Windows operating systems and Active Directory is required, as well as technical and functional knowledge of computer hardware.
5. Proficient in TCP/IP networking and network design.
6. Familiarity with web development, database design, and Mary Kay Inc. content deployment process.
7. Good leadership capability required to respond to major information security issues, including responses to hacks, virus infestations
The Information Security Manager (ISM) falls into the classification of Technology Manager, IST. As this classification would suggest, the ISM functions in both a managerial and a technical role. First, as manager of the Information Security Team, the ISM is responsible for setting technical direction for and delegating tasks to other team members. Second, the ISM is responsible for conducting regular risk assessments, communicating risks to management, developing and maintaining information security policies, standards, and procedures, maintaining compliance with various regulations, and monitoring for compliance.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
The ISM is responsible for all of the following, either personally or through delegation to team members:
1. Center of Excellence Responsibilities
§ Provide training on information security policies, standards and procedures to COE resources
§ Assist COE resources in monitoring for and resolving security vulnerabilities
§ Provide oversight on the effectiveness of security controls implemented in COE regions
§ Include risks from all markets in communication to management to provide a global security picture
2. Firewall Responsibilities
§ Manage team of engineers responsible for firewall operations
§ Periodically review firewall rulebases
§ Level 2 support for firewalls (network team is first level)
3. Intrusion Detection and Prevention Responsibilities
§ Develop and implement enterprise intrusion detection strategy
§ Manage team of engineers responsible for operation of IDS systems
§ Backup to Security Engineer on IDS issues
4. Security Auditing Responsibilities
§ Conduct vulnerability scans, communicate results to appropriate groups, and act on results
§ Facilitate and respond to audits by other groups (internal and external)
§ Perform manual audits in various areas
§ Perform continual risk analysis and communicate risk to management
§ Monitor for security policy compliance
5. Remote Access Responsibilities
§ Enforce enterprise remote access policy and strategy
§ Manage and support corporate two-factor authentication solution for remote access
6. Documentation Responsibilities
§ Work with Director of Information Security to develop, publish, & review security policies, procedures, and standards
7. Consulting & Projects Responsibilities
§ Assist various groups in formulating responses to vulnerabilities uncovered through auditing
§ Provide consulting to various groups on security issues
§ Participate in projects impacting security
8. Virus Prevention Responsibilities
§ Manage vendor relationship with virus protection vendors
§ Work with Director of Information security to develop enterprise virus protection strategy and ensure compliance with it
§ Communicate to all users when virus threats warrant
§ Work with server and desktop teams on configuration of virus protection software
§ Respond to virus threats/incidents
9. Security Research Responsibilities
§ Subscribe to alert services/Read security web sites/Read trade magazines
§ Stay abreast of latest security technologies and set strategy for future direction
§ Manage vendor relationships with current and prospective security vendors
§ Stay current on security issues through formal training
§ At least monthly (more frequently when warranted), produce recommendation on patches that resolve security vulnerabilities
10. Security Awareness Responsibilities
§ Regularly communicate security issues to management
§ Send regular security updates
§ Maintain INFOSEC web site
11. Incident Response Responsibilities
§ Form emergency response plan involving appropriate teams
§ Participate in disaster recovery planning
§ Test effectiveness of incident response plan
12. Internet Access Responsibilities
§ Provide support of proxy server for issues escalated from infrastructure team
§ Maintain web filtering software configuration to satisfy both information security and human resources requirements
13. Authentication Responsibilities
§ Ensure access to all corporate information has proper authentication
§ Support ACE/Server, SecurID issues
§ Ensure all remote access to corporate information uses two-factor authentication
KNOWLEDGE, SKILLS, AND ABILITIES:
1. Job requires a college degree (master's degree preferred) plus 5+ years of IT experience, including 3+ years of information security management experience in a large, Internet-based environment.
2. Certified Information Systems Security Professional (CISSP) certification is strongly preferred. Certified Information Security Manager (CISM) certification is preferred.
3. Proficiency with and experience in managing firewalls, intrusion detection systems, virus protection systems, authentication systems, and security auditing tools is preferred.
4. Working knowledge of Windows operating systems and Active Directory is required, as well as technical and functional knowledge of computer hardware.
5. Proficient in TCP/IP networking and network design.
6. Familiarity with web development, database design, and Mary Kay Inc. content deployment process.
7. Good leadership capability required to respond to major information security issues, including responses to hacks, virus infestations
公司介绍
www.randstad.cn
联系方式
- 公司地址:梅园路77号
- 邮政编码:200070