Responsibilities

?Responsible for designing, assessing and effectively implementing information security strategies, framework, architectures, and solutions based on best practices aligned with business and IT strategy, develops actionable blueprints, continuous improvement roadmap, principles, models, designs, policies, standards, procedures and guidelines, specialize in multi-information security domains, such as: Information Security Practice, Information Technology Discipline, Application security design & Implementation, infrastructure (Communication and Network, Server, Storage, etc.) security design & implementation, security assessment, vulnerability assessments, risk management, Identity & Access Management (I&AM), Data Loss Prevention (DLP), Security Information & Event Management (SIEM), BCM, IT audit, etc

?Provide expert hands-on technical support and guidance on Information Security areas, to perform information security duties and assist in ensuring organizational compliance with security requirements, and coordinate information security incident response activities across the organization, etc.

?Ensure to keep up to date with the latest technologies, security information, potential threats and industry benchmark

?Regularly partner with the infrastructure, service delivery and application operations and development teams to deliver security related initiatives

?Provide regular training to all employees regarding information security and cyber security

Qualification Requirements

?15+ years of overall IT experience, with 5+ years of solid experience of information security for multi-national companies.

?In-depth knowledge and solid experience with a wide range of information security domains, such as:: Information Security Practice, Information Technology Discipline, Application security design & Implementation, infrastructure security design & implementation (Communication and Network, Server, Storage, etc.), security assessment, vulnerability assessments, risk management, Identity & Access Management (I&AM), Data Loss Prevention (DLP), Security Information & Event Management (SIEM), BCM, IT audit, etc.

?Practice experience to develop the technical strategies, blueprint, improvement and optimization roadmap, design, deploy and implement the solution for Information Security

?A proven track record for thinking beyond current-state information security and technology issues, integrating technologies for complete solutions across the enterprise wide, as well as the ability to provide technology, platform, tooling assessments and recommendations, ensuring compatibility with information security strategic and technology for future

?Experience in information security policy frameworks and IT management standards (ISO 27001, ITIL, COBIT, BCM, etc)

?Knowledge of information security compliance, auditing, internal controls and general security

?Good understanding of information security risk management frameworks and risk management process with ability to perform risk assessments and to advise and support mitigating actions

?Good understanding of enterprise wide Vulnerability management

?Good understating in how to integrate information security and data privacy when building, buying, improving and managing IT systems

?Good understanding of running and maintaining an information security program

?Strong understanding of current technology trends, security best practices, and cyber security threats

?Practical experience and working knowledge related to a broad range of information security tools, concepts and technologies, such as:

？Endpoint protection, Security management and controls with Firewall, Router, OS – Unix, Windows, business applications, database, mobile technologies (e.g. IOS, Android), etc.

？Network and system Security Monitoring

？Encryption

？Network and system Vulnerability Scanning (Including: IDS/IPS) and Penetration Testing

？Application security testing and code review

？Data Loss Prevention (DLP)

？Log Management, and Security Information and Event Management (SIEM)

？I&AM - Identity and Access Management

？Cloud security solutions

?Willingness to lead/contribute hands on work in service operation

?Excellent troubleshooting skills in area of expertise to isolate, diagnose and implement corrective actions for problems and issues as required.

?Excellent analytical skills and reporting capabilities,

?Excellent customer service and consulting skills

?Excellent interpersonal skills with customer service-oriented manner to build and sustain key relationships across a wide and varied group of management and staff

?Skills in influencing and negotiation methods and techniques with ability to influence and persuade others outside his/her direct control

?Ability to work under tight timelines and high-pressure situations with high degree of accuracy.

?Excellent communication, collaboration, and organizational skills.

?Bachelor degree in computer science, or equivalent work experience

?Self-driven and independent

?Fluent in English, both verbal and written

Preferred

?Holder of certifications such as CISSP, CISM, CISA, OSCP, CWSP, CCSP, GIAC, CEH, Security+, MLPS, PMP, ITIL, and/or other related certifications is advantage

?Experienced in delivering information security trainings is preferred

?Experience on project management, vendor management including contract negotiation and service level management is a plus

上班地址：北京市海淀区学院路30号科大天工大厦A座12层