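Chery Jaguar Land Rover · Information Technology Department

Information Security Compliance Manager (IT Compliance Manager)

Salary negotiable  /  5 years  /  Shanghai

Updated 2020-06-19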


Job Attributes

  • Recruitment type: Experienced hire
  • Employment type: Full-time

Job Description

1. Strategy & Planning

o Create and maintain the enterprise’s security awareness training program.

o Create and maintain the enterprise’s security documentation (strategies, policies, standards, baselines, guidelines and procedures).

o Create and maintain the enterprise’s Business Continuity Plan and Disaster Recovery Plan, where appropriate.

o Create the IT systems controls standards to form part of the enterprise controls manual.

o Work with Enterprise Internal Controls team to establish the enterprise segregation of duty matrix across IT systems.


2. Acquisition & Deployment

o Select and acquire additional security solutions or enhancements to existing security architecture to improve overall enterprise security maturity levels according to the enterprise and its parent company’s security requirements.

o Oversee the deployment, integration and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best practices generically and the enterprise’s security documentation specifically.

o Oversee the deployment of information system controls change projects and ensure the enterprise IT solutions are compliant with internal control requirements.

o Participate in new IT delivery programmes and projects and ensure controls and segregation of duties requirements are satisfied.


3. Operational & Compliance Management

o Ensure the confidentiality, integrity and availability of the data residing on or transmitted to/from/through enterprise workstations, servers and other systems and in databases and other data repositories.

o Ensure the enforcement of enterprise security documentation.

o Manage risk by leveraging advanced analytical skills to analyze the root cause of security-related issues, their impact on technology and business, and the required corrective actions.

o Perform regular security awareness training for all employees to ensure consistently high levels of compliance with enterprise security documentation.

o Participate in and provide dedicated support for any internal and/or external security/controls audits; be responsible for providing management responses and monitoring the progress of implementing security/controls-related recommendations.


Qualifications

1. Bachelor's degree or above.

2. Minimum 5 years of working experience in Information Security, IT Controls or other Risk Management activities; automobile industry experience is highly desired.

3. Experience working in an environment where SAP is deployed as an enterprise solution is highly desired.

4. Knowledge of industry standards such as ISO27001, COBIT, ITIL is preferred.

5. Experience with technology infrastructure, security engineering and/or application development supporting environments with security requirements.

6. Able to interpret and apply policies, standards, procedures and technical requirements, and to explain complex and technical principles.

7. Strong risk analysis and problem-solving skills. Sound oral and written communication skills in both Mandarin and English.

8. Self-driven, and able to work independently and manage a team and/or project consisting of 2-4 members.

9. Technical certifications such as CISSP, CISM, and CISA are preferred.

Job Requirements

  • Education: Bachelor's degree or above
  • Work experience: 5 years
  • Foreign language: Proficient in English