Department Description
The Information Security & Technology Risk department is a part of the Global Technology department. The Technology function provides IT services to the Fidelity International business, globally. These include the development and support of business applications that underpin our revenue, operational, compliance, finance, legal, marketing and customer service functions. The broader organisation incorporates Infrastructure services that the firm relies on to operate on a day to day basis including data centre, networks, proximity services, security, voice, incident management and remediation.
Information Security & Technology Risk (ISTR) is responsible for:
- Cyber Security:
  - Protecting the Technology Environment from internal and external security threats
  - Application Security (through secure coding practices, penetration testing, and developer training)
  - Access Management – working to principles of least privilege, access appropriate to role, and Role Based Access Control
  - Infrastructure Security & Vulnerability Management
  - Security Engineering and Architecture
  - Security Application Support
  - Cyber Defence Operations
- Technology Risk:
  - Information Security
  - Risk and Audit Management
  - Service Continuity
Purpose of your role
The Information Security Officer (ISO) is accountable for ensuring appropriate controls are in place for the security of information assets. The ISO safeguards information by seeing that security risks are identified, assessed and accurately reported. Additionally, the ISO is charged with ensuring local procedures and activities comply with all regulatory requirements and internal policies, procedures, guidelines and standards. The ISO is the center of competence for Information Security providing an advisory services role and acting as the focal point for security compliance related activities and responsibilities.
Your key accountabilities
- Design policy, procedure, and standards for information security in Asia. Be a key advisor on significant business and product decisions.
- Define information security measurement metrics and other key performance indicators.
- Plan and establish organization-wide Information Security Management System (ISMS) in accordance with ISO/IEC 27001 Standards, thereby ensuring continuous ISO27001 accreditation.
- Integrate information security procedures with organization's business processes and ensure that information security considerations are integrated with IT system planning, development / acquisition life cycle
- Manage a diverse team of technology risk specialists
- Run a continual service improvement programme for all assurance activities
- Take an active role in department information security projects and initiatives.
- Manage the Third Party Risk Assessment Program, to ensure that all vendors are compliant with FIL’s information security response.
- Provide a day-to-day operational service in responding to business enquiries regarding information security of company initiatives
- Work with the wider security team to manage exceptions to the controls, preparing any required documentation, advising management of decisions and tracking any agreed rectification plans through to completion
- Provide all-hours-response to major security or recovery incidents, providing technical advice as required. Lead incident response to any information security issues.
- Responsible for compliance checking and reporting of Information Security initiative status across the region.
- Able to translate technical knowledge into business terms and present to senior leadership.
- Provide regular information security awareness training to all staff including phishing tests, classroom sessions and online courses
Your skills and experience
- 8+ years’ experience in Information Security preferably within an international Financial Services firm
- Expertise in information security policies, standards, controls and frameworks such as ISO27001
- Well versed in Risk Management principles.
- Managing a diverse team
- Good understanding of Infrastructure, Application security issues and remediation
- Understanding of regional data protection, privacy and practices
- Familiar with PCI/DSS audit
- Ability to plan, organise, co-ordinate and work well under pressure
- Strong eye for detail with ability to produce accurate, well-structured reports to deadlines
- Discreet and of high integrity
- Able to remain motivated while completing routine tasks
- Flexible and enthusiastic approach and attitude
- Excellent English communication and presentation skills both verbal and written
Desirable qualifications
- Related graduate degree
- Certified ISO 27001 lead implementer or auditor
- Further professional qualifications such as CISSP, CISA, CISM etc are an advantage
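Job category: Systems Engineer
Contact information
Work address: Building 12, Software Park
Company information
Fidelity International provides world-class investment solutions and retirement planning services. As a privately held and independent company, we are committed to providing clients with professional and innovative investment services and technology to help them achieve their financial goals.
Fidelity International established its Shanghai and Beijing representative offices in 2004 and 2008 respectively, and set up a technology centre in Dalian in 2007 to provide systems and operations support to its businesses in Asia Pacific and the United Kingdom. In 2015, Fidelity International established a wholly foreign-owned enterprise in Shanghai to further expand its China business. In January 2017, that wholly foreign-owned enterprise was granted the private securities investment fund management qualification by the Asset Management Association of China, becoming the first company in the foreign asset management industry to obtain it.
We invest USD 279 billion in assets on behalf of clients in Asia Pacific, Europe, the Middle East and South America. Our clients include pension funds, central banks, sovereign wealth funds, large corporates, financial institutions, insurers, wealth managers and individual investors. In addition to fund management, we provide investment-related administration and advisory services to employee benefit schemes, advisory firms and individual investors in various countries, with approximately USD 83 billion in assets under administration. (Data as of 31 December 2016)
About FIL Technology (Dalian) Limited
FIL Technology (Dalian) Limited was established in 2007 and is Fidelity International's first wholly owned company in China. Its core business is technology development and infrastructure support: through excellent systems development it provides systems support to Fidelity International's businesses in Asia Pacific and Europe, and it also provides operations services to investors in Asia Pacific and Europe. It currently has more than 400 employees.
Providing business solutions to Fidelity International's Asia Pacific and European businesses
- Development and support of public websites and trading platforms in Asia, web and mobile tools, various statements and internal reports, and internal processing tools
Providing infrastructure support to Fidelity International's Asia Pacific and European businesses
- Network, voice and other infrastructure support, including technical support, IT security, risk management, release management, data and storage, cloud services, and server and platform support
Providing operations services to Fidelity International's Asia Pacific and European businesses
- Supporting multiple countries and regions (Japan; Hong Kong, China; Korea; Singapore; and Taiwan, China)
- Including account opening, client data maintenance, price setting, trade processing and settlement
- For the Japan business: cash operations, trading operations, corporate action processing, statutory fund documentation and fund accounting support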
About Fidelity International
Fidelity International offers world class investment solutions and retirement expertise. We are a privately owned, independent company, with the commitment and resources to provide the investment expertise, technology and service innovation needed to help our clients achieve their financial goals.
Fidelity International established its Shanghai and Beijing Representative offices in 2004 and 2008 respectively, and established its Dalian technology centre in 2017 to provide systems and operations support to Asia Pacific and the United Kingdom. Fidelity International established a wholly foreign-owned enterprise (WFOE) in September 2015. In January 2017, the Shanghai WFOE became the first global asset manager to register with the Asset Management Association of China (AMAC) as a private fund management company.
We invest USD $279 billion globally on behalf of clients in Asia-Pacific, Europe, the Middle East, and South America. Our clients range from pension funds, central banks, sovereign wealth funds, large corporates, financial institutions, insurers and wealth managers, to private individuals. In addition to asset management, we offer investment administration and guidance for employer benefit schemes, advisers and individuals in several countries. We are responsible for USD $83 billion in assets under administration. (Data as of 31 December 2016)
About FIL Technology (Dalian) Limited
FIL Technology (Dalian) Limited was established in 2007 and is FIL's first wholly owned enterprise in China. The Dalian office focuses on technology development and infrastructure support, serving as a systems development centre to bolster our growing business for institutional clients and investors in Asia-Pacific and Europe.
Provide business solution to Fidelity International Asia-Pacific and European business
- Development and support of content & transactional websites, web & mobile tools, internal processing tools, client reporting & management reporting
Provide infrastructure support to Fidelity International Asia-Pacific and European business
- Collaboration Services, Service Desk, Service Management, Systems Delivery & Integration, IT Asset Management, Release Management, Data Services, Digital, Web, Middleware, Platform & Storage Services, Enterprise Network Services including Voice Services, Data Centre Services, Cloud Services
Provide operation support to Fidelity International Asia-Pacific and European business
- Support multiple countries and regions (including Japan, Hong Kong, Korea, Singapore and Taiwan)
- Provides fund data management, client account, deal and banking operations to Asia distribution business
- Provides fund documentation, investment trade and cash operations, and fund accounting operations to Asia asset management to Japan business
For further information please visit www.fidelity.com.cn / www.fidelityrecruitment.com.