Information Security Assistant Manager (Persons with disabilities are welcome)

Job updated 9 days ago

Job Description

The Assistant Manager of Information Security and Risk Management (ISR) works with a high level of autonomy and discretion and assists the Technology Director in developing security measures to safeguard digital assets, maintain a secure technology environment, and ensure compliance with security standards and personal data protection law.

- In charge of managing comprehensive information security governance and risk control across the organization, including planning, executing, and documenting technical assessments and audits for networks, applications, system development, and IT processes to safeguard against cyber threats and attacks.

- Working collaboratively within agile technology teams to provide security guidance and support, facilitating platform development, fortifying the digital ecosystem, strengthening data protection, and reinforcing the IT foundation.




- Formulate and implement comprehensive information security strategies to shield digital assets and defend against cyber threats. This includes addressing areas such as DDoS mitigation, Web Application Firewall (WAF), Cloud Firewall, API security, Container Security, Identity and Access Management (IAM), Zero Trust Network Access (ZTNA), Database Audit, and other specified domains, ensuring resilient protection against emerging threats.

- Collaborate with cross-functional and Regional/Global ISR teams to ensure the integration of security measures into operations and applications for cloud, on-premises data centers and business workspace. These measures include implementing High Availability and Disaster Recovery, deploying Firewalls, ensuring Data Loss Prevention (DLP), managing Endpoint Detection and Response (EDR)/Extended Detection and Response (XDR), enhancing Email Security, fortifying DNS Security, securing IoT devices, and implementing Encryption Technologies.

- Drive initiatives related to Secure Software Development Lifecycle (S-SDLC), DevSecOps, Security Requirement Analysis, Threat Modeling, Vulnerability Scanning, Penetration Testing, Security Operations Center (SOC) and Security Orchestration, Automation, and Response (SOAR), Incident Response, and Forensic Investigation.

- Establish a robust monitoring mechanism for infrastructure and operations, continuously reviewing alerts and logs to vigilantly monitor the digital security footprint to ensure timely detection of security incidents and compliance with security policies.

- Lead efforts on Personal Information Management System (PIMS) initiatives, collaborating with cross-functional members to create protective measures for personal data. Conduct routine audits to verify adherence to pertinent regulations, including Taiwan’s Personal Data Protection (BS10012), PCI-DSS, PCI PA DSS, ISO27001, ISO20000/ITIL, and Privacy by Design principles.

- Support team members to periodically perform vendor risk assessment (VRA) to assess potential risks and develop mitigation strategies when needed to minimize business risks.

【Nice to have】
* Knowledge of BS 10012.
* Cloud security measures and related reliability engineering knowledge



Requirements

⚫ Education background: University graduate or above.
⚫ Minimum relevant requirements:
✓ 8 years of extensive experience in Cybersecurity, specifically focusing on Cloud Security, IDC Security, and compliance with relevant regulations and standards as specified.

⚫ Special Skill Requirement:
- Proven track record in implementing and managing security solutions, technologies, and practices in complex environments.

- In-depth knowledge of DDoS mitigation, WAF, Cloud Firewall, API security, Container Security, IAM, ZTNA, DB Audit, NG Firewall, DLP, EDR/XDR, Email Security, DNS Security, IoT Security, and Encryption Technologies.

- Strong understanding of and experience with S-SDLC, DevSecOps, Security Requirement Analysis, Threat Modeling, Vulnerability Scanning/Penetration Testing, SOC/SOAR, Incident Response, and Investigation.

- Proven experience in handling cybersecurity incidents, effectively responding to and addressing security breaches to minimize impact and protect organizational assets and reputation.

- Good written and spoken English.

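○ Cloud security: anti-DDoS, WAF, cloud firewall, API security protection, container security, IAM, ZTNA, DB Audit
○ IDC security: high-availability and disaster-recovery design, routing and switching security, NG Firewall, data loss prevention (DLP), EDR/XDR, email security, DNS security, IoT security, encryption technologies, de-identification/anonymization techniques
○ Other: S-SDLC, DevSecOps, security requirement analysis, security threat modeling, vulnerability scanning/penetration testing, SOC/SOAR, incident response and forensic investigation
○ Compliance competencies assessed:
○ Taiwan's Personal Data Protection Act, Hong Kong's Personal Data (Privacy) Ordinance
○ PCI-DSS, PCI PA DSS
○ ISO27001, ISO20000/ITIL
○ Privacy-protection compliance design and PIMS audits
○ VRA (vendor risk assessment)
○ PIA/DPIA (personal information/data protection impact assessment)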

6 years of experience required
800,000 ~ 1,100,000 TWD / year

About us

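Founded in 1959, Amway provides fair business opportunities and high-quality products, supports everyone in realizing their own value and moving toward their ideals, and works together with them to fulfill the Amway vision: helping people live better, healthier lives.

No matter how trends change, the pursuit of health remains the enduring mainstream. Amway brings you high-quality products, nutrition and health knowledge, and a healthy lifestyle, so that beyond being healthier yourself, you are also able to look after the health of your family and friends.

Amway continues to research and innovate, bringing people health and beauty. Its 12 R&D centers worldwide and more than 800 scientists and technical professionals have obtained more than 700 patents. Amway has a diverse range of products and, as a leading brand in health and nutrition, healthy beauty, and healthy home, helps people create a wonderful life of their own. In addition to selling more than 400 products, Amway also provides business opportunities. Amway is now the world's number 1 direct selling company, operating in more than 100 countries and regions.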