Posted on Aug 31 2016
The Infosec Manager is responsible for the secure delivery of our learning platforms and technical systems within several products, globally. Our digital learning platform is the foundation of our business around which all other products are built.
You will be required to conduct technical risk assessments in order to ensure that controls and compliance requirements are enforced across all projects, initiatives and operations within our digital and offline platforms. Additionally, this person will provide information security contributions to the strategy, budget, development, deployment, operation and maintenance of all systems, websites, software and hardware to support global and local business unit needs.
This is a critical responsibility and the solutions you implement should provide capabilities for today and have the flexibility to support future business objectives and goals. The Infosec Manager must have experience of working within highly complex and fast-paced environments, and must have gained strong information security experience. Candidates must have a strong track record of performing technical risk assessments and developing risk treatment plans, as well as a broad understanding of infosec technology and governance. This is a technical, hands-on role, and you will be implementing solutions, not just advising.
We will provide you with a series of challenging infosec projects together with the tools, environment and support needed to give you the best possible chance of succeeding. More than that, we will give you the opportunity to work within a culture that is energetic, passionate and innovative, working with some of the most impressive people in technology! Bring your passion, curiosity, and talent to our team and we will give you an environment full of challenges to flourish in.
Core Responsibilities Include
· Manage and lead internal and external resources to prevent, detect and mitigate Information Security risk to the business units and act as point of contact for matters relating to Information Security
· Identify, define and provide security requirements for new projects and services, and carry out third-party security assessments on new vendors and suppliers to ensure compliance with the company standards and governance.
· Create documented security standards, processes and baselines, and participate in continuous improvement of Information Security maturity across the whole organization.
· Contribute to the creation and delivery of a security roadmap for the business units.
· Accountable for technical escalation for incidents, liaising with other departments/3rd party support partners as required, resolving issues within the defined Service Line
· Proactive management of security controls and countermeasures. Plan, develop, deploy, test and optimize the infrastructure systems and services, taking responsibility for security improvement projects
· Advise on changes to infrastructure systems or services in accordance with information security policies, best practice and any compliance requirements.
· Ensure that policies and procedures are followed.
· Provide security measurement (KPIs, metrics).
· Represent Information Security at internal meetings and external events.
· Fluent in English - required
· Some Chinese preferred
· Ability to travel up to 20%
· Able to commit to living in Shanghai for a minimum of 3 years
· Experience working in a large and/or global matrix organization
Required Skills and Attributes
· Excellent communication skills – clear, simple, apolitical
· Strong negotiation skills to influence cost and risk based decisions
· Cross-cultural project management or stakeholder management experience preferred
· Experience managing a budget (either project based or department based)
· Ability to articulate security advice directly to key stakeholders, including up to CIO or IT Directors level
· Ability to prioritize workload under pressure, to meet deadlines and manage multiple business units' project expectations
· Strong understanding of the business relevance of information risks and the current trends and developments in information security
· A BS or MS in information security or computer science is preferred
· Ideally CEH, CCP IA Architect, CISSP or similar information security qualifications
· At least 3 years’ experience of a technically focused security role
· Experience of all key security technologies (e.g. firewalls, IDS, IPS and endpoint security controls)
· Experience in implementing security governance and compliance solutions (e.g. data privacy regulations, PCI, ISO27001)