The ideal candidate will have good experience in different Cybersecurity areas (Security Operations, CSIRT, Pentest, Vulnerability Management, Cloud Security, DevSecOps), strong communication skills, as well as the ability to work across the IT organisation and the divisions to align information security priorities and controls with key business objectives.

Responsibilities

* Based on the group policies, ensure the right implementation and maintain the security of the key corporate information assets.

* Follow the global / zone / country IT Security policy, assist group CSIRT to conduct investigation in local market, proposing effective contingency measures, monitoring and taking action against intrusion, fraud and security -breaches or leaks and drive its compliance,

* Define all necessary patching and vulnerability remediation process for each IT domains and ensure their proper integration within IT operations,

* Arrange the pen test for local application with application owners and application vendors, and follow up with the finding remediation.

* Work closely with local IT owners to timely remediate all system vulnerability and cloud security alerts within defined SLA.

* Manage China threat intelligence operation and follow-up with all the potential data leakage incident.

* Assess, review and approve all firewall changes to secure the gate of network perimeter in China market.

* Understanding local business context, based on which, assess, review and approval for web filtering whitelist.

* Deploy a state-of-art web application firewall solution, make sure it covers all the websites used by business, in the meanwhile, make sure all the domain names used are in line with group DNS policy.

* Ensure excellence in Information security operations and appropriate service level agreement in response to IT security issues

* Define and review KPIs, metrics and SLAs, oversee performance, and monitor/ assess weaknesses and vulnerabilities,

* Elaborate and follow up corrective actions plan,

* Ensure appropriate information security Incident Management and escalation

* Alert the stakeholders in case of major risks threatening the information assets; if necessary decide on the critical actions to take,

* Initiate, facilitate and promote activities to foster information security awareness within the entity,

* Validate the exceptions to security policy or make them validated by the right instance,

* Keep constantly informed of innovation/market trends and implement relevant initiatives.

Qualifications

* At least 10 years in Cybersecurity field

* Knowledge and understanding of Cybersecurity operations and threat intelligence.

* Strong knowledge of application security, data protection, DevSecOps.

* Experience in the Penetration testing and Vulnerability scanning and remediation

* Experience in performing security reviews and risk assessments

* Familiar with security controls on Azure, AliCloud or other cloud platforms

* Experience as a team member of a large and/or complex cybersecurity-related project

* Experience in communicating risks and risk mitigation programs to the senior leadership and stakeholders

* Good project management skill and Fluency in English

* Security certifications are preferred, e.g. OSCP, OSCE, CISSP, CCSP, etc.

同上