Information Security Lead

Back to Job search

Job Summary

  • Shanghai
  • Permanent
  • Ref ID: BBBH834855
  • 23 Nov 2022
  • ¥61k - ¥80k pm

Job Description

Insurance Broker

【Information Security Lead】
Experience

* Bachelor's degree or above, major in information security related is preferred;

* 8 years or above related work experience in information security, CISSP, CISM, AWS Certified Security, and ISO27001 certification qualifications are preferred, and experience in financial industry information security is preferred.

* Familiar with information security laws and regulations and industry standards, and have led information security assessment and compliance audit projects

* Have good communication and coordination skills and the ability to handle emergencies.

* Participating in ISO and other certification projects is preferred.

* At least 5 years experience in team management.

* English can be used as a working language.

Responsibilities

* Familiar with CSL/DSL/PIPL/MLPS2.0/ISO27001 and other regulations and standards, responsible for the tracking and interpretation of information security regulations and participating in the construction of the China Information Security management system (incl. policies, standards, guidelines, SOPs, etc.).

* Ensure the policies are implemented and monitored successfully, manage third-party service providers and Internal staff

* Overseeing the information security strategy planning, security capacity construction (Technical control implementation), Incident Response, and the implementation of information security policies and solutions.

* Experience in design, advisory, and oversight of technology risk and control design coordination to mitigate risk for IT control environment

* Familiar with the internal training and awareness process, able to establish training materials & deliver information security training to internal staff based on existing and new regulatory requirements

* Experience with controls associated with the key cyber capabilities, such as but not limited to:

* Network perimeter and firewall security configuration, LAN, WAN, WLAN, DMZ, Proxy, Private/Public Cloud Controls, and Automation

* Application Security, Operating Systems, System hardening standards, and configuration monitoring

* End User Networking, Remote and local network access management

* Data protection controls for Network, Email, Web, Middleware, Virtualization, and Data Backup & Recovery technology areas

* Experience in cloud security in any of the public clouds is preferred

* Ability to operate autonomously and navigate ambiguous situations without direct supervision

* Work in a matrix organization, providing regular management security risk reporting to senior Global Security Management and with direct reporting to regional stakeholders in China leadership.

Agnes Yang's picture
Agnes Yang