Job based in Makati, Philippines with competitive expatriate package and benefits

We are looking for:
Information Security Senior Risk Specialist 资讯安全风控高级专员(风控部）

Interested? Email your updated resume with photo to jobopportunitymakati@gmail.com.

工作职责：

1. 提供技术风险管理咨询，着重于风险管理，安全审计、建设与提升安全能力相关工作；
2. 提供基于行业安全标准或行业规范的信息安全管理体系（ISMS）规划、安全解决方案、制度建设的指导服务；
3. 提供网络、主机、业务系统等相关资产的管理与技术风险评估，并提供整改方案或安全基线设计，协助品牌开展安全整改工作；
4. 评估集团的信息安全风险，制定集团信息安全政策、制度和技术标准，辅导并监督公司各相关部门落实信息安全政策、制度和技术标准，并负责评价总结和纠正预防等相关工作；
5. 信息科技风险管理体系的研究与建设，对信息科技风险控制措施和信息科技审计整改措施落实情况进行跟踪汇报；
6. 负责信息安全事故调查，技术性的风险评估，技术审计规划与执行，预判安全趋势并制定相关防控措施；
7. 从技术，流程，管理，统计等多种纬度协助对IT相关内部控制及风险管理的有效性进行分析、评估，并提出相应的改善方案

• to provide IT risk management consulting, focusing on risk management, security audit, creating and enhancing security capability related work;
• provide guidance on information security management system (ISMS) planning, security solutions, system construction services based on industry safety standards or industry standards;
• to provide network, host, business systems and other related assets management and technical risk assessment, and provide rectification program or safety baseline design to assist brand to carry out security rectification work;
• To assess the Group's information security risks, to formulate group information security policies, systems and technical standards, to supervise the relevant departments of the Company to implement information security policies, systems and technical standards, and to coordinate the consolidation of results and preventive measures;
• Research and construction of information technology risk management system and report on the implementation of information technology risk control measures and information technology audit and rectification measures;
• is responsible for information security incidents technical investigation, technology risk assessments, planning and conduction technical audits, understand security issue trends and the development of relevant prevention and control measures;
• Analyze and evaluate the effectiveness of IT-related internal control and risk management from a variety of latitudes such as technology, process, management and statistics, and propose corresponding improvement programs

职位要求 ：

1. 本科学历，信息安全、计算机、通信等相关专业优先；
2. 在信息安全管理领域或相关工作至少工作３年以上；
   3)了解最新的安全行业动态，具备体系化的安全知识；
3. 熟悉安全开发生命周期(SDL)体系建设，能进行企业级的安全现状评估并给出合适的安全建设建议；
4. 扎实的技术基础（例如日志审计、账号权限管理、安全编码、网站安全、信息防泄漏等），对企业内控体系和信息安全管理有丰富的实践经验；
5. 掌握Windows、Unix、Linux等操作系统的基本理论及操作；精通防Ddos、WAF(Web Application Firewall)、ATP (Advanced Threat Protection)、渗透攻击等安全产品和路由器、交换机、防火墙、加密机等设备的原理和使用；
6. 熟悉信息安全评估的理论和方法，熟悉安全审计技术，有丰富的实践经验；
7. 熟悉网络架构、操作系统及数据库系统，熟悉ISO27001、ISO10000等标准和规范，具备IT审计师、PMP等资格者优先；
8. 熟悉主要的信息安全和安全攻防技术，了解金融行业业务系统的安全控制技术和实现方案；
9. 熟悉业务连续性及信息安全方面的制度规范及技术等内容；
10. 具有多年信息安全咨询、安全审计经验，主导开展大型安全咨询项目者优先；
11. 具有良好资源整合能力，和业界合作能力，个人领导力, 良好的沟通能力和文档撰写能力，能够适应较大的工作压力

• Bachelor’s degree on information security, computer, communications and other related professions will be prioritized;
• At least 3 years work experience in the field of information security management or other related field;
• has an understanding of the latest security industry trends, with the system of security knowledge;
• familiar with the security development life cycle (SDL) system, can carry out enterprise-class security assessment and give the appropriate security recommendations;
• has a solid technical foundation (such as log audit, account rights management, security coding, website security, information leakage, etc.), solid internal risk control and information security management working experience
• basic understanding and operation familiarity of Windows, Unix, Linux and other operating systems; proficient in Ddos, WAF (Web Application Firewall), ATP (Advanced Threat Protection), penetration attacks and has a good understanding of the principles and uses of other security products like routers, switches, firewalls, encryption machines and other equipment;
• Familiarity with information security assessment, security audit technology, and has rich practical experience;
• Familiarity with network architecture, operating system and database system, background on ISO27001, ISO10000 and other standards and norms; IT auditor experience, PMP and other qualifications are preferred;
• Familiarity with the main information security and security offensive and defensive technology, understanding of the financial industry business system security control technology and implementation programs;
• Familiarity with the business continuity and information security aspects of the system norms and technology content;
• has many years of information security consulting, security audit experience, leading to carry out large-scale security consulting projects are preferred;
• has a good ability to integrate resources, and industry cooperation, as well as personal leadership, good communication skills and document writing ability, able to adapt to greater work pressure

Benefits:
Including but not limited to:
13th month + performance bonus
18-22 days annual leave
Accommodation and Food allowances

Remuneration: Negotiable