•Implement ‘IT in engineering laboratory/manufacture' in plant according to central directive （ITL/ITM）

根据中央指令在工厂实施IT工程实验室/制造中的应用设置

Defining and implementing engineering laboratory/manufacture infrastructure concept (including IT devices, network, server and database, etc.) considering both daily operation and future needs

定义并实施工程实验室/制造基础设施的IT设置及使用方案（包含IT设备、网络、服务器及数据库等），兼顾日常运营与未来需求

Define and ensure organizational measures for data security in laboratories/manufacture

制定并落实实验室/制造环节的数据安全组织措施

Training and coordination of local lab/MOE organization

培训并协调本地实验室及生产现场的IT及网络安全

Perform annual IT security audits in local laboratories/manufacture

对当地实验室/生产现场执行年度IT安全审计

Consulting for setup and acquisition of related equipment

提供相关IT设备配置与采购咨询

Perform regular communication with local Engineering/manufacture management on ITL/ITM topics

定期与本地工程/制造管理部门就ITL/ITM议题进行沟通

•IT and data security for business data and local developed application/systems （LAC- local autorization co-ordinator）

业务数据及本地开发应用/系统的IT与数据安全

Define and implement security checklist and control process

制定并实施安全检查清单与控制流程

Support risk assessment and implement measures accordingly

支持风险评估并落实相应措施

Yearly risk re-certification for running applications

运行应用程序的年度风险再认证

•ISP, IDM and access management

ISP、IDM及访问管理

User Training & awareness improvement in department

部门用户培训与意识提升

Provide security consult to served departments

为服务部门提供安全咨询

Document and regular updating of ISP concept according to central directive and regional laws

依据中央指令及区域法规记录并定期更新ISP方案

Define data protection method in department level to avoid business loss

制定部门级数据保护方法以避免业务损失

Department folder Authorization concept definition

部门文件夹授权方案定义

Local application registration and management

本地应用程序注册与管理

Non-standard software management to avoid compliance issue

非标准软件管理以规避合规风险

Authorization application in IDM and regular checks to ensure proper usage

在IDM中实施授权申请机制并定期核查确保规范使用

•Other relevant tasks arranged by superiors for achieving company’s objectives.

上级交办的为实现公司目标的其他工作。

•Education学历

Bachelor or above degree, major in Computer Science, Information Security, Information System, Information Management or other similar majors.

本科及以上学历，计算机科学、信息安全、信息系统、信息管理或相关专业。

•Experience工作经验

Minimum 3 years work experience in cyber security, data security, newwork and server maintainence, Computer Hardware or Software management, previous relevant working experience in a global environment is an advantage.

三年以上网络安全、数据安全、网络及服务器运维、计算机硬件或软件管理相关工作经验，有跨国企业从业经历更佳；

•Skills技能

•Basic understanding of information security and/or IT governance and/or access and identity management topics

具备信息安全和/或IT治理和/或访问与身份管理领域的基础知识

•Self-confident, Communication/influence skills, Presentation Skills, team player

自信果敢，具备沟通/影响力技巧、演示能力，善于团队协作

•Clear and fluent in Mandarin, Good written and oral English

普通话清晰流利，英语书面及口语能力良好

•Proficient in the use of word, excel, ppt and other commonly used office software

熟练使用Word、Excel、PPT等常用办公软件

•Meet with below requirements are preferred

符合以下条件者优先：

Entitled as CISA or CISSP or ISO27001 IA/LA or PMP/Prince2

持有CISA、CISSP、ISO27001 IA/LA或PMP/Prince2认证

Digital talents who are familiar with python, power platform, etc.

熟悉Python、Power Platform等技术的数字化人才

•Other其它

•Positive attitude, proactive and initiative

积极的态度，前瞻性和进取心

•Well organized, logic thinking, attention to details

思维清晰，有逻辑，细心

•High reliability and confidentiality consciousness

高度的责任心和保密意识

•Good health

身体健康

•Good professional ethics

良好的职业道德

•Care about details and precision

注重细节及精确性

•Self-motivated and able to work under pressure

能够自我激励并承受工作压力

•Able to work overtime if necessary

必要时可以加班

•Hold positive attitude whenever facing different opinions or other problems and take nessesary actions to facilitate solutions

出现意见不合或其他问题时能够以积极的态度应对，并采取行动积极配合以促进问题的解决。