| 作者 |
 上海外企聘:Information Security Risk Management manager/leader |
 |
headhunterC
头衔: 海归少校
性别: 
加入时间: 2009/07/11
文章: 96
来自: shang hai
海归分: 27110
|
|
|
作者:headhunterC 在 海归招聘 发贴, 来自【海归网】 http://www.haiguinet.com
Position – Manager / Lead Manager, Information Security Risk Management, SA&A
Reporting To – Group Manager - Information Security Risk Management, SA&A
Number of years relevant experience – 6 to 10 years
Scope of responsibilities – APAC region ( China, Australia, rest of APAC)
Proposed Job Responsibilities –
1. Work with the local teams as part of SA&A Risk Management team to facilitate –
• Risk analysis of services and assets
• Implementation of risk mitigating controls
• Measurement of control effectiveness through metrics
• Effective closure of all internal/external audit observations
• Requirements sign off and UAT from security perspective, for IS applications owned by the concerned BEF or subsidiary specific internal applications.
• Implementation of controls for compliance with SOX, FISAP or equivalent requirements
2. Work with the delivery account / process teams within the subsidiary to facilitate –
• Assistance to delivery accounts to ensure and track compliance with contractual requirements from information security perspective
• Providing information security expert assistance for audit/visit by customer/prospect
• Effective closure of all internal/external audit observations
• Measurement of control effectiveness through metrics at a delivery account level
• Providing information security expert assistance to delivery accounts for external audits e.g. ISO 27001, SAS70, PCI etc
3. Provide assistance to SA&A Risk Management Team activities e.g. creating security awareness in the subsidiary
4. Provide support and seek assistance from SA&A Audits & Assurance Team for scheduling internal systems and process audits.
5. Provide support and seek assistance from SA&A Engineering team for issues related to secure system/network configuration, secure technology evaluation and forensic investigation.
6. Provide support and seek assistance from SA&A Incident Management Team for issues related to security incident management.
Pre-requisites –
1. Must have information security implementation related experience of 6 to 10 years.
2. Must have good understanding of information security related standards like ISO 27001, PCI, COBIT
3. Relevant certifications like CISA, CISSP, CISM, ISO 27001 Lead Auditor, ISO 27001 Lead Implementer would be preferred.
4. Should have good understanding of basic concepts of networking, TCP/IP, Security issues in operating systems (e.g. Microsoft Windows), information security risks in networks, systems and processes etc.
5. Previous hands on experience in terms of IT systems integration, administration or network design etc. would be additional advantage.
6. Should have keen interest to learn about new trends in information security and ability to apply the knowledge to identify and mitigate new areas of risks.
7. Should have the ability to manage projects involving cross functional teams.
8. Should have excellent communications skills in English and Mandarin languages.
9. Should be a good team player since this involves working with geographically distributed teams.
10. Must have ability to understand IP laws and protection mechanisms in China and Australia.
11. Should have the ability to bring experience of progressive Information Security practices from the region.
12. Should have about 6 – 10 experience in working with multinational companies; with demonstrated ability to effectively interact in the region (Primarily China and Australia).
单位地:上海浦东。张江
有意的朋友简历请投至: [email protected]
或MSN交流:[email protected]
或电话沟通:021-63081762
作者:headhunterC 在 海归招聘 发贴, 来自【海归网】 http://www.haiguinet.com
|
|
|
| 返回顶端 |
|
 |
|
-
 上海外企聘:Information Security Risk Management manager/leader -- headhunterC - (3758 Byte) 2010-4-21 周三, 15:08 (1216 reads)
|
|
|
|
您不能在本论坛发表新主题, 不能回复主题, 不能编辑自己的文章, 不能删除自己的文章, 不能发表投票, 您 不可以 发表活动帖子在本论坛, 不能添加附件可以下载文件, |
|
|
