Responsibilities:

1. Perform vulnerability testing, risk analyses and security assessments；

2. Plan, execute and lead security audits across an organization；

3. Provide a written and verbal report of audit findings；

4. Define, implement and maintain corporate security policies；

5. Plan, research and design robust security architectures for any IT project；

6. Develop rigorous “best practice” recommendations to improve security on all levels

7. Determine the most effective way to protect computers, networks, software, data and information systems against any possible attacks；

8. Respond immediately to security-related incidents and provide a thorough post-event analysis 。

Requirements:

1. Bachelor’s degree in Information Security, Information Technology, Information Systems Management, Computer Science, Engineering or related field(s) or equivalent demonstrated work experience；

2. 3-5 years of IT experience that includes at least 1 year in information security；

3. Solid Information Security background, including information and cyber security assessment, risk analysis, privacy, data protection, regulatory frameworks, as well as risk and security architecture；

4. Working knowledge of regulatory and industry data security standards (e.g. FFIEC, HIPAA, PCI, NERC, SOX, NIST, EU/Safe Harbor and GLBA)；

5. Understanding on ISO 27001/27002, ITIL and COBIT frameworks；

6. Familiar with IDS/IPS, penetration and vulnerability testing；

7. Experience on Advanced Persistent Threats (APT), phishing and social engineering, network access controllers (NAC), gateway anti-malware and enhanced authentication；

8. Ideally hold CISSP, CISA, or CISM；

9. Good command of spoken & written Cantonese, English, Mandarin a plus.

微信分享