Objective of job
•Responsible for managing compliance level to the whole Daimler Security Policy and Risk Management Framework in Daimler Greater China and associated Legal Entities.
•Support in IT security related audits and drive security self-assessments
•Support in China Cyber Security Law related assessments and filling works
•Support in cloud risk analysis
•Responsible for IT Security process, policy & regulations management
•Responbible for IT security related law®ulation monitoring and interpretation
•Provide security support and consultant within project rollout and lead some execution of IT security projects
•Security incident and event management, vulnerebility mgmt., risk analysis, security finding’s mitigation, penetration testing, security architectural support
•Monitor information security and ensure the transparency
•Ensure IS Standards and controls are considered in all application life cycles
•Be responsible for analysis of security issues arising and provide solution
•Organize information security training for ensuring the increase of understanding and awareness of information security
Job designation
•ISMS and Risk Management
Daimler Greater China is integrated into the company-wide Information Security Management System and has a local adaption for itself and its legal entities. This ISMS has to be analyzed regularly together with all stakeholders. Effective countermeasures have to be developed and rolled out if required by ISMS. All risks have to be analyzed including Business Unit and IT processes with Daimlers Risk Management methodology. Development and control of risk mitigation actions on prcess and technical level is a main task.
Assist Risk Management, Corporate Security, Corporate Compliance and Corporate Audits in audit/assessment
Cloud risk assessment
•Information Security Roadmap and Management Reporting
Because of the global integration of the local ISMS an overall status for Daimler is required by Daimlers headquarter. Also the results of risk mitigating actions like penetration tests or project consulting needs to be integrated in a global Information Security Dashboard. This is done by direct cooperation between local counterparts and Information Security Team in Daimler Greater China.
•Support in operation/application security
Security incident and event management, vulnerebility mgmt., risk analysis, security finding’s mitigation, penetration testing, security architectural support