Please note that this position is handled by the recruiter in Dalian, so the call will come from Dalian, Liaoning.
Job summary

The (Senior) Information Security Engineer is responsible for enhancing the security of the company’s IT infrastructure and its information by working together with internal IT and IS teams. In the long term, this position would be heavily involved with Dezan Shira’s external clients for providing IT security advisory services as well, once the internal information security situation has reached a high enough standard. Consistent customer care, quality standards, strong communication skill, and reporting requirements are core competencies for the position. Ability to quickly adapt to changing priorities and fluctuations in workflow are also requirements of the Information Security Engineer role.



Principal Responsibilities: (Essential Function)

Security Management
Auditing IT security level of all global offices and managing the information security threats associated with the operational environment

Reviewing existing IT infrastructure, locating weaknesses and developing improvement plans

Coordinating internal IT / IS team to implement security enhancement and mitigating security risk

Setting up and monitoring network and system baseline

Reviewing data backup strategy and plan, providing suggestions for improvement

Investigating, coordinating and addressing information security incidents

Performing penetration tests and forensic analysis


Risk Management
Communicating with senior management and other stake holders to understand the business solution, and creating risk management plans accordingly

Developing & reviewing Business Continuity Plan and Disaster Recovery Plan


Security Policy, procedure, guide
Creating security management systems via the analysis of business operations

Developing and carrying out security policies, procedures, and guides

Helping operation team to better comply with related security law & regulations, like Cyber Security Law of China or General Data Protection Regulation of EU

Reviewing and improving existing security control documents


ISO27001
Deeply involved in ISO27001 project to allow the company (or specific office) to be certified


Security awareness
Conducting and implementing information security awareness campaigns to all staff

Arranging the security related training to internal IT / IS team


Compliance
Tracking compliance to laws and regulations in IT field

Coordinating with legal and operational teams to identify compliance gaps and perform improvement actions


Client service
Providing IT security related advisory and implementation service to our clients

Performing IT Audit by coordinating with Audit team when needed


Other tasks
Occasionally providing IT support to local office staff as a backup role when local IT support team is temporarily not available.



Job Requirement
Skills

Good knowledge of IT domains such as networking, operation system, system software, infrastructure, and their common vulnerabilities

Hands-on experience with common security tools, system hardening, website protection, and a certain level of scripting / programming skill

Good working knowledge about IT security standards like ISO27001 / PCI-DSS / COBIT…etc., and common law & regulation in IT field, like GDPR, CSL, MLPS, and their impact on business operation
Knowledge and experience on cloud security / mobile security / ERP system / SQL database / IT audit will be a plus

Good verbal and written communication skills, must be able to use English as working language

Problem solving skills, organizational skills, and the ability to exercise sound judgment in any customer service scenario

The selected candidate must be good team player with self-motivation and have the ability to work independently with minimal direction

Willingness to travel and work beyond office hours in case of any urgent and important incidents



Education

Bachelor in IT or related discipline

CISSP / CISA /ISO27001 /Microsoft 365 or Azure certification will be a plus



Experience

3-5 years of experience in IT, with at least 2 years focus on information security

Working experience in multi-national company will be a plus

其他信息
语言要求：英语
行业要求：全部行业
所属部门：GIT&IS