:

Mission & Main Tasks:

IT Security Specialist monitors, assesses and analyze IT security incidents and events reported in our monitoring tools, Firewalls, Antivirus systems. Following the incident response procedure. Following predefined actions on high severity issues including escalation to the stakeholders. Maintaining and report incident KPI's on a monthly basis. Performing risk assessments for applications and projects, consulting and observing IT security risks in projects and operation maintenance work. And also provided related IT security awareness trainings.

Job Duties:

IT Risk Management

• Identify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement
• Provide technical expertise and direction in security architecting, designing, developing, deploying, monitoring and supporting enterprise system infrastructure and support project team with Architecture board security risk check.
• Provides security consulting and advisory service to business units and project teams.
• Identifies security risks and Conducts security assessments of systems and applications using penetration tests and ethical hacking tools and risk assessment/mediation methodologies to evaluate vulnerabilities.
• Collect, evaluate and maintain data concerning risks and develops strategic solutions to address security.
• Perform risk assessments and mitigation of vulnerabilities.

IT Security Incident Management

• Understanding Company's information security incident management process
• Responsible for Information security incident handling
• Regular vulnerability scan and follow up the mediation plan and meet incident KPIs.

IT security awareness

• Plan, conduct and monitor adequate measures to enhance the IT security awareness of all relevant Audi China employee groups
• Assists in training new staff in the functions of the tools and systems.
• Assists with implementation of security compliance initiatives and security awareness as required

Other Tasks:

• Information Classification guide, awareness, maintenance
• Responsible for implementing and maintaining continuous process improvement work environment, recommending and implementing new/improved process in accordance with industry standards.
• Assists in creating and enforcing security standards and procedures
• Define and maintain the Business Continuity/Disaster Recovery Plan in coordination within VCIC IT Security

Qualifications:

Education:

• Bachelor’s degree in Computer Science, information Systems or related field, or equivalent work experience

Professional skills:

• 3-5 years of combined IT and security, audit, or compliance related work experience

Personal skills:

• Good analytical ability
• Good organization and communication skills
• Working toward security, audit, or compliance certifications such as CISA / CISSP Certifications desired

Language skills :

• English (advanced)
• Mandarin (mother tongue or equivalent proficiency)
• German (will be a plus, but not mandatory)