Key Responsibilities:

• Work closely with Corporate Information Protection Service team to ensure all security protection measures, policies, and procedures, including general IT standards, are designed, implemented, and functioning as planned throughout China as well as globally;
• Research virus outbreaks, vulnerabilities, penetration test, and other suspected security problems globally and work with/advise local IT staff on how to fix the issues. Run or assist in IT Security projects; Configure, maintain, and troubleshoot all security technologies to ensure applications, users, systems, and the network continue to operate securely and in a globally consistent manner. This leader must ensure that all security operations and work is consistent with the IPS Security team approach globally. Regional variances must be kept to a minimum to ensure consistent operations of fault-tolerant/automated technologies, processes, and support by any of the IPS Security staff
• Meet with local users throughout China, IT staff, and business leaders as appropriate to understand local needs as affected by security and work with the rest of the security team to address the needs. Also keep this same group informed of security policies and procedures and be willing to evangelize security as a business enabler and protection measure
• As possible keep abreast of regional laws and practices that might affect how company handles data, implements technologies, and addresses policy violations. This knowledge is expected to be gained via keeping current with security industry publications, working with other security professionals in region, and in discussions with regional legal and human resource teams. Also keep current in IT Security trends and technologies by reading/following security industry publications and networking with other security professionals
• Periodically review local operations, educate on security issues specific to that area, and ensure compliance to policies and standards. Perform security technology implementation or updates per the approved global IPS Security project portfolio or operational duties
• Provide spirited, positive leadership when working on projects, issue resolution, and prevention improvements. Challenge obsolete practices; question accepted truths. Develop practical systems scope that enhances the business function. Control the project scope, resources, and quality within budget and schedule to meet objectives
• Assist in providing inputs for project review meetings and management presentations
• Provide analysis, counsel, and direction to personnel on other teams or business units to analyze security problems on their projects and advise on how they are to securely deploy & maintain their solutions. Maintain an understanding of business processes and the implications of computer systems on these processes

Knowledge, Capabilities and Experience:

• Sound knowledge of information security principles & technical security controls
• Strong and demonstrable analytical skills
• Specialist knowledge in one or more of the following areas:

a) Web application security

b) Mobile application security (Android, iOS, Windows)

c) End point security

d) Wireless security

e) Network security

f) Encryption

g) Application programming

• Penetration testing certification is a plus
• General knowledge of information security, including infrastructure security, application security, identity and access management, compliance frameworks, and other regulatory requirements such as PCI and SOX
• Application programming experience is a plus: Java, Node.js, JavaScript, HTML, XML

Key Requirements:

• At least 5 years of technology experience in security operation
• Excellent understanding on security risk management model. Familiar with security technology implementation and on-going maintenance for firewall, remote access, encryption, authentication, virus control, vulnerability scan, DLP, content filtering, monitoring. Experience on cloud and e-business security evaluation is plus
• Thorough knowledge of internetworking, including TCP/IP, IPsec, routers, IP internetwork configuration and design
• Substantial knowledge of information security practices and technology
• Experience with standards work in security, such as ISO 27001, PCI etc.
• CISSP, CISA, CISM certified or equivalent qualification is plus
• The ability to read, write, and speak English and Mandarin
• Bachelor’s degree required preferably in Information Technology, IT Security or related field

上班地址：徐汇区桂箐路65号新研大厦B座24楼