职位描述
网站安全
应用安全
主机安全
CISSP
CISA
CISM
QUALYS
ACUNETIX
SIEM

Background and Role Summary
The primary responsibility of the Senior IT Security Officer (System) is to execute the company's cybersecurity agenda by evaluating, identifying, enforcing, mitigating, and overseeing security measures.
Responsibilities
 To liaise with IT development and system teams to ensure IT security best practice is catered throughout the system development and maintenance processes. Ensure security is factored into the evaluation, selection, installation, and configuration of
hardware, software, and applications.
 To put in place and work on the results of the measuring tools and management of the IT security, including host-system vulnerability and web application security scanner.
 To keep current with the latest security threats and risks. Manage regular review of IT security on system infrastructure, access control, network, software, applications, desktops, and endpoints.
 To perform IT security incident verification and investigation and work with various teams to resolve security incidents.
 Coordinate IT security activities such as IT security review meetings, reporting, and trainings.
 Prepare reports on IT compliance reviews, vulnerability management statistics, and security incidents, etc.
 Follow through any issues reported and ensure they are resolved or mitigated in a timely manner.
 To support, advise, and teach/train the end-users in the field of IT security.
 To elaborate on the engagement of service (SLA) and translate them into internal demands (OLA) in the field of IT security & compliance.
Qualifications & Requirements
 Degree in Computer Science, IT or related disciplines.
 Professional certificate in CISA, CISM; and with CISSP preferable.
 Minimum 5 years of IT experience in the role of IT security.
 Excellent knowledge in latest IT trends and tools e.g. Qualys, Acunetix, SIEM (Splunk or similar).
 Excellent and hands-on experience in project management in security program, e.g. penetration testing.
 Able to quickly acquire excellent knowledge of the Company's IT operations, infrastructure, policy and procedures.
 Good track records in deployment and implementation of IT security program.
 Excellent analytical skills and strong interpersonal and communication skills.
 Result-oriented with capability to drive, and work independently, efficiently and innovatively.
 Good teamwork player.
 Fluent in both written and spoken English and Mandarin.