IT Security Analyst - Compliance
EY安永 查看所有职位ShanghaiUpdate time: August 26,2019
Job Description
Successful organizations depend on their reputation for keeping promises, respecting laws and behaving ethically to maintain stakeholder trust. EY Forensic & Integrity Services professionals help organizations protect and restore enterprise and financial reputation. We assist companies and their legal counsel to investigate facts, resolve disputes and manage regulatory challenges. We put integrity at the heart of compliance programs to help better manage ethical and reputational risks.
We understand how organizations navigate complex environments; how pressures, attitudes and culture influence employee actions; and how to leverage data analytics to improve compliance and investigation outcomes. We are committed to making integrity the cornerstone of a better working world.
Key responsibilities:
Qualifications, Education and Certification
To qualify, candidates must have:
We understand how organizations navigate complex environments; how pressures, attitudes and culture influence employee actions; and how to leverage data analytics to improve compliance and investigation outcomes. We are committed to making integrity the cornerstone of a better working world.
Key responsibilities:
- Planning and conducting information security reviews using relevant cyber security standards, such as: ISO 270001, NIST cybersecurity framework, CIS controls, PCI DSS
- Assisting in developing and improving information security assessment program elements.
- Assisting in developing, improving and implementing information security standards and requirements to guide business partners and third parties in adhering to security requirements
- Identifying information security deficiencies or risks; providing escalation paths for information security issues, incidents and inquiries.
- Partnering with senior management in business, legal and compliance departments to ensure the security assessment program is in line with our corporate values, compliance programs, laws and regulations, and enabling the business to achieve its objectives
- Researching laws, regulations, and policies as they pertain to information security and providing advice and assistance to internal and external partners and affiliates.
- Identifying potential risk issues and recommending improvements or appropriate internal controls.
Qualifications, Education and Certification
To qualify, candidates must have:
- 2-3 years working experience in an information security, IT audit or IT risk management related role.
- CISA, CISM, CISSP, PCI QSA, ISO 27001 Lead Auditor or comparable certifications.
- Knowledge of IT Risk and Security governance frameworks such as ISO 27001, NIST cybersecurity framework, PCI, and HIPAA.
- Understanding of networking protocols and infrastructure designs; including routing, firewall functionality, host and network intrusion detection/prevention systems, encryption, load balancing, and other network protocols.
- Experience writing Perl, Python, scripting, programming, or other languages is a plus.
- Experience with Databases, SQL knowledge is a plus.
- Understanding of risks in banking / financial services sector are an added advantage.
- Excellent communication skills, analytical ability, strong judgment and leadership skills, and the ability to work effectively with clients and IT management and staffs.
职能类别: 其他
微信分享
联系方式
上班地址:上海市浦东新区世纪大道100号上海环球金融中心50楼
Get email alerts for the latest"IT Security Analyst - Compliance jobs in Shanghai"