Manager IT Information Security Product with Global MNC
Cornerstone Global Partners
- Company Industries:Human Resources Management/Consultancy
Job Information
- Post Date:2022-08-30
- Location:Quarry Bay
- Employment Type:Full Time
- Job Function:Information Technology (IT) Software Development
Job Description
The total transformation we’re going through means that there are unique IT projects here to match all levels of skills and ambitions – from pace-setting global pilot projects to vital local updates. Whether you want to pursue a personal passion or build an international career, there’s space here to develop in any number of directions.
To join us in IT you’ll need to be driven and equally happy whether you’re taking the strategic view or diving deep into processes. We'll make sure you're set up to succeed whatever your project is, our culture is agile and collaborative, and we genuinely believe our people are some of the best you’ll ever work with.
Your day to day:
• Act as SPOC for Information Security to implement, report and follow up on risk reduction activities with projects and BAU; and work together with key partners to lead all aspects of security improvement activities.
• Engages with business partners from the Product function on projects and activities that require Information Security expertise and advice.
• Engage with business and IT platform peers throughout system lifecycle on "security-by-design" and "privacy-by-design" concepts, methods and tools.
• Perform active governance on key security metrics for systems under his/her responsibility.
• Perform or take accountability for general IT control activities in scope of the solutions including evaluating 3rd party cyber maturity and performing ongoing vendor risk governance.
• Lead security awareness trainings and provide coaching, trainings, promoting webinar attendance or similar activities to raise the security awareness of the function
• Take accountability or responsibilities of tasks required for the resolution of cyber incidents in impacting solutions under his/her responsibility, from identification to eradication, working closely with central/platform IT teams and InfoSec (e.g. SOC and IRM)
• Perform risk assessments and vulnerability management activities for functional support areas. Manage, monitor, and report on the full lifecycle of risk management at the system or platform level, from identification to closure.
• Drives cybersecurity resilience activities in the assigned functional domain (e.g. back-up, restored, Disaster Recovery)
• Support during internal or external audits.
• Support the Qualification and Validation activities required for GxP systems
• Ensure information security standards are applied to Laboratory Systems and Instruments
Who we are looking for:
Essential Requirements:
• Minimum 5-8 years of experience in an information security, IT risk management or IT audit function within a large organization
• Proven track record in supporting development teams throughout all phases of secure systems development life cycle (design, development, maintenance)
• Good knowledge of typical application design patterns (e.g. web, mobile, thick client, etc.)
• Good understanding of cloud computing architectures (e.g. SaaS, IaaS, PaaS, FaaS) and their corresponding characteristics in terms of information security
• Good understanding of modern technologies such as IoT, Machine learning, automation.
• Knowledge of basic identity and access management concepts (e.g. single-sign on, identity federation) and standards (e.g. SAML, OAuth 2.0, OpenID)
• Familiarity with most common web application security issues (e.g. OWASP top 10)
• General understanding of regulatory requirements (e.g.GxP, FDA) and their impact on systems.
• Experience working with supply chain partners and service providers.
• Good communication skills and ability to explain technical topics to non-technical people
• Practical experience in Agile/DevOps organizations and cultures
• Teamwork and collaboration across cultures and geographies
Preferred Requirements:
• Customer Service culture
• Basic understanding of Consumer electronics and Product Quality related security including manufacturing
• Experience supporting Product Development/Manufacturing/Testing/Labs environments.
QUALIFICATIONS AND EDUCATION REQUIREMENTS
Essential Requirements:
• Bachelor or Masters’ degree in Information Technology or equivalent
• Confirmed (5-8+ years) experience in IT for medium to large companies.
• Cloud certifications (AWS Cloud certified professional etc)
• Cloud security certifications (AWS, Azure etc)
Preferred Requirements:
• Software development certifications
• Information security or Risk management qualifications (CISSP, CISA, CISM etc)
To join us in IT you’ll need to be driven and equally happy whether you’re taking the strategic view or diving deep into processes. We'll make sure you're set up to succeed whatever your project is, our culture is agile and collaborative, and we genuinely believe our people are some of the best you’ll ever work with.
Your day to day:
• Act as SPOC for Information Security to implement, report and follow up on risk reduction activities with projects and BAU; and work together with key partners to lead all aspects of security improvement activities.
• Engages with business partners from the Product function on projects and activities that require Information Security expertise and advice.
• Engage with business and IT platform peers throughout system lifecycle on "security-by-design" and "privacy-by-design" concepts, methods and tools.
• Perform active governance on key security metrics for systems under his/her responsibility.
• Perform or take accountability for general IT control activities in scope of the solutions including evaluating 3rd party cyber maturity and performing ongoing vendor risk governance.
• Lead security awareness trainings and provide coaching, trainings, promoting webinar attendance or similar activities to raise the security awareness of the function
• Take accountability or responsibilities of tasks required for the resolution of cyber incidents in impacting solutions under his/her responsibility, from identification to eradication, working closely with central/platform IT teams and InfoSec (e.g. SOC and IRM)
• Perform risk assessments and vulnerability management activities for functional support areas. Manage, monitor, and report on the full lifecycle of risk management at the system or platform level, from identification to closure.
• Drives cybersecurity resilience activities in the assigned functional domain (e.g. back-up, restored, Disaster Recovery)
• Support during internal or external audits.
• Support the Qualification and Validation activities required for GxP systems
• Ensure information security standards are applied to Laboratory Systems and Instruments
Who we are looking for:
Essential Requirements:
• Minimum 5-8 years of experience in an information security, IT risk management or IT audit function within a large organization
• Proven track record in supporting development teams throughout all phases of secure systems development life cycle (design, development, maintenance)
• Good knowledge of typical application design patterns (e.g. web, mobile, thick client, etc.)
• Good understanding of cloud computing architectures (e.g. SaaS, IaaS, PaaS, FaaS) and their corresponding characteristics in terms of information security
• Good understanding of modern technologies such as IoT, Machine learning, automation.
• Knowledge of basic identity and access management concepts (e.g. single-sign on, identity federation) and standards (e.g. SAML, OAuth 2.0, OpenID)
• Familiarity with most common web application security issues (e.g. OWASP top 10)
• General understanding of regulatory requirements (e.g.GxP, FDA) and their impact on systems.
• Experience working with supply chain partners and service providers.
• Good communication skills and ability to explain technical topics to non-technical people
• Practical experience in Agile/DevOps organizations and cultures
• Teamwork and collaboration across cultures and geographies
Preferred Requirements:
• Customer Service culture
• Basic understanding of Consumer electronics and Product Quality related security including manufacturing
• Experience supporting Product Development/Manufacturing/Testing/Labs environments.
QUALIFICATIONS AND EDUCATION REQUIREMENTS
Essential Requirements:
• Bachelor or Masters’ degree in Information Technology or equivalent
• Confirmed (5-8+ years) experience in IT for medium to large companies.
• Cloud certifications (AWS Cloud certified professional etc)
• Cloud security certifications (AWS, Azure etc)
Preferred Requirements:
• Software development certifications
• Information security or Risk management qualifications (CISSP, CISA, CISM etc)
Company Info
Cornerstone Global Partners is a China centric recruitment solutions firm with a global reach through offices in Greater China and 60 network offices around the globe. Cornerstone Global Partners provides multi-national clients entering or expanding operations in China and Chinese companies going outbound with a range of talent acquisition and talent management solutions.
These services include traditional C-level to mid-level executive search, market entry/outbound investment consultancy and organizational design solutions through their industry specialized Partners and Consultants.
For more information, please visit our website: http://www.cornerstoneglobalpartners.com/
| Position | Company | Location | Update |
|---|