IT Security - Assistant Manager
This role is responsible for the information security protection and management of the IT environment, ensuring the availability, integrity and confidentiality of network infrastructure, application systems and data. He/she will work with internal and external parties, including the IT outsourcing team, to identify risks, develop security measures to mitigate the risks, manage various security technologies, and raise user awareness of security best practices.
Develop and enforce IT security policies, procedures, and standards
Coordinate with internal and external auditors to perform information system audits
Work with outsourcing vendor to provide on-going support to security monitoring, SIEM tuning, security incident response, and
Arrange user training and activities to raise IT security awareness
Undertake risk assessments of new and existing systems to ensure security
Work with various parties to identify solutions for security risks identified
Provide security expertise on a variety of security enhancements and initiatives (e.g., SIEM tuning, DLP, egress filtering, virtual network segmentation, next-gen firewall, web application
Remain current on technical developments and the evolving threat landscape, and advise management on countermeasures
Identifying vulnerabilities in our current systems and providing solutions.
Work closely with outsourcing vendor to follow up and close the vulnerabilities.
Keeping up to date with developments in IT security standards and threats.
Performing penetration tests to find any flaws.
Collaborating with management and the IT department to improve security.
Documenting any security breaches and assessing
Educating colleagues about security software and best practices for information security.
Continuously updating the incident response, disaster recovery plans, and business continuity plans.
Perform other duties as assigned by supervisor
Bachelor's degree in IT, Computer Science or technology-related discipline
A minimum of 5 years of IT experience with 2-3 years in IT security in sizable enterprises. Candidates with more experience will be considered as Manager, Information Security
Ability to educate a non-technical audience about various security measures.
CISSP, CISA, CISM or ITIL Fundamental Certification would be an advantage
Proven on-going support and operational experience in an IT security monitoring, SIEM tuning, security program
Extensive knowledge of cybersecurity, SIEM, ISO 27001, DLP, next-gen firewall, web application firewall and specific technologies like Splunk, AppSpider, Tenable, etc.
Professional-level business Chinese and English is a must, both written and verbal.