Urgent hire: Information Security Manager -- foreign company in Shanghai, money is no object!
Position – Manager / Lead Manager, Information Security Risk Management, SA&A (salary open)
Reporting To – Group Manager - Information Security Risk Management, SA&A
Number of years relevant experience – 6 to 10 years
Scope of responsibilities – APAC region ( China, Australia, rest of APAC)
Proposed Job Responsibilities –
1. Work with the local teams as part of SA&A Risk Management team to facilitate –
• Risk analysis of services and assets
• Implementation of risk mitigating controls
• Measurement of control effectiveness through metrics
• Effective closure of all internal/external audit observations
• Requirements sign off and UAT from security perspective, for IS applications owned by the concerned BEF or subsidiary specific internal applications.
• Implementation of controls for compliance with SOX, FISAP or equivalent requirements
2. Work with the delivery account / process teams within the subsidiary to facilitate –
• Assistance to delivery accounts to ensure and track compliance with contractual requirements from information security perspective
• Providing information security expert assistance for audit visit by customer/prospect
• Effective closure of all internal/external audit observations
• Measurement of control effectiveness through metrics at a delivery account level
• Providing information security expert assistance to delivery accounts for external audits e.g. ISO 27001, SAS70, PCI etc
3. Provide assistance to SA&A Risk Management Team activities e.g. creating security awareness in the subsidiary
4. Provide support and seek assistance from SA&A Audits & Assurance Team for scheduling internal systems and process audits.
5. Provide support and seek assistance from SA&A Engineering team for issues related to secure system/network configuration, secure technology evaluation and forensic investigation.
6. Provide support and seek assistance from SA&A Incident Management Team for issues related to security incident management.
Pre-requisites –
1. Must have information security implementation related experience of 6 to 10 years.
2. Must have good understanding of information security related standards like ISO 27001, PCI, COBIT
3. Relevant certifications like CISA, CISSP, CISM, ISO 27001 Lead Auditor, ISO 27001 Lead Implementer would be preferred.
4. Should have good understanding of basic concepts of networking, TCP/IP, Security issues in operating systems (e.g. Microsoft Windows), information security risks in networks, systems and processes etc.
5. Previous hands-on experience in terms of IT systems integration, administration or network design etc. would be an additional advantage.
6. Should have keen interest to learn about new trends in information security and ability to apply the knowledge to identify and mitigate new areas of risks.
7. Should have the ability to manage projects involving cross functional teams.
8. Should have excellent communications skills in English and Mandarin languages.
9. Should be a good team player since this involves working with geographically distributed teams.
10. Must have ability to understand IP laws and protection mechanisms in China and Australia.
11. Should have the ability to bring experience of progressive Information Security practices from the region.
12. Should have about 6 – 10 years of experience in working with multinational companies, with demonstrated ability to effectively interact in the region (primarily China and Australia).
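As long as you meet the requirements, the salary is negotiable.
Work location: Zhangjiang, Pudong, Shanghai.
If you are interested, please send your résumé to: hunter@wide-keen.com
Or get in touch via MSN: lynnwq@live.cn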