Urgent opening at a foreign company in Shanghai: Information Security Risk Management

Manager / Lead Manager, Information Security Risk Management, SA&A

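-- The scope of responsibility has currently been adjusted: responsible for managing the China region only (annual salary 250,000~400,000)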

Reporting To
– Group Manager - Information Security Risk Management, SA&A

Responsibilities:
1.Work with the local teams as part of SA&A Risk Management team to facilitate:
   - Risk analysis of services and assets
   - Implementation of risk mitigating controls
   - Measurement of control effectiveness through metrics
   - Effective closure of all internal/external audit observations
   - Requirements sign off and UAT from security perspective, for IS applications owned by the concerned BEF or subsidiary specific internal applications.
   - Implementation of controls for compliance with SOX, FISAP or equivalent requirements

1.Work with the delivery account / process teams within the subsidiary to facilitate:
   - Assistance to delivery accounts to ensure and track compliance with contractual requirements from information security perspective
   - Providing information security expert assistance for audit/visit by customer/prospect
   - Effective closure of all internal/external audit observations
   - Measurement of control effectiveness through metrics at a delivery account level
   - Providing information security expert assistance to delivery accounts for external audits e.g. ISO 27001, SAS70, PCI etc.
2.Provide assistance to SA&A Risk Management Team activities e.g. creating security awareness in the subsidiary
3.Provide support and seek assistance from SA&A Audits & Assurance Team for scheduling internal systems and process audits.
4.Provide support and seek assistance from SA&A Engineering team for issues related to secure system/network configuration, secure technology evaluation and forensic investigation.
5.Provide support and seek assistance from SA&A Incident Management Team for issues related to security incident management.

Pre-requisites:
1.Must have information security implementation related experience of 6 to 10 years.
2.Must have good understanding of information security related standards like ISO 27001, PCI, COBIT
3.Relevant certifications like CISA, CISSP, CISM, ISO 27001 Lead Auditor, ISO 27001 Lead Implementer would be preferred.
4.Should have good understanding of basic concepts of networking, TCP/IP, security issues in operating systems (e.g. Microsoft Windows), information security risks in networks, systems and processes etc.
5.Previous hands-on experience in terms of IT systems integration, administration or network design etc. would be an additional advantage.
6.Should have keen interest to learn about new trends in information security and ability to apply the knowledge to identify and mitigate new areas of risks.
7.Should have the ability to manage projects involving cross functional teams.
8.Should have excellent communication skills in English and Mandarin.
9.Should be a good team player since this involves working with geographically distributed teams.
10.Must have ability to understand IP laws and protection mechanisms in China and Australia.
11.Should have the ability to bring experience of progressive Information Security practices from the region.
12.Should have about 6 – 8 years of experience in working with multinational companies, with demonstrated ability to effectively interact in the region (primarily China and Australia).



Base: Pudong, Shanghai


If you are interested, please send your resume to: [email protected], Odin forward

Best regards!

belinda (Senior Consultant)

ShangHai wide-keen Consulting co.,Ltd.
Tel: +86-21-52731690-803
MSN: [email protected]
 
