IT Security Officer
Date: April 25, 2024
Location: Shanghai, Shanghai, CN
Company: Bureau Veritas
Job Purpose
The objectives of this position are to:
- Drive the implementation of Group IT Governance and Cyber Security Strategy across the region by assisting the OG CISO.
- Achieve and maintain IT compliance across the region as per group policies and IT standards and regulations.
- Minimize the cyber security threats and related risks across the region by taking proactive measures.
- Support the region to achieve security standards like the NIST Framework and 27001 as per group guidelines.
- Properly maintain inventory of IT assets, applications, domains, and certificates and their validity with the help of the local IT team.
- Work closely with application owners for secure development and hosting of applications by following the Security by Design process.
- Closely work with HR, Legal, Local IT, and the Management Team of the Region to achieve the required result and enhance cybersecurity.
- Brief the IT executive team on issues, risks, and status.
- Local, HO, and external audit support.
- Create a cyber security budget if your region requires one.
- Ensure that disaster recovery and business continuity plans are in place and tested.
- Participate actively in crisis management activities and exercises with the OG team.
Roles & Responsibilities for HSE
- In all situations, the BV Cardinal Safety Rules must be followed.
- To comply with company HSE requirements (e.g., policies, procedures, guidelines, etc.) and local legal requirements on HSE as applicable.
- To take care of own health and safety as well as that of colleagues and others.
- Immediate reporting of any shortcomings on HSE, i.e. any incident or unsafe work practices/conditions, to his/her immediate line managers.
- Sharing opportunities for improvement on HSE aspects.
Criteria for Performance Evaluation
- Use of Group-level/new tools and utilities to record, track, and measure cyber threats and incidents.
- Achievement of targets for major control implementation in standards like NIST, 27001.
- Create awareness to reduce the risk of cyber threats to businesses and the availability of IT services.
- Minimum number of findings in BitSight and BitSight Score.
- Effective teamwork
- Achieve operational excellence.
- Deliver value to internal and external clients.
- Develop people.
Knowledge/ Education / Previous Experience Required
- Engineer or relevant field graduate with technical background in IT (bachelor's degree or above)
- Comfortable working in a multicultural environment.
- More than 10 years of experience in IT
- A sound understanding of computer systems (hardware/software), networks, etc.
- A strong understanding of internal controls and excellent management skills are required.
- Knowledge of security standards, auditing techniques, and documentation.
- Resourcefulness, proven interpersonal skills, and the ability to work in a diverse environment with sensitivity and respect.
- Excellent communication skills (Good English speaking, computer skills, and writing skills are a must.)
- Proven ability to build strong relationships with all levels of an organization
- Ability to communicate with tact and diplomacy, both orally and in writing
- Good presentation skills
- Ability to efficiently manage time and workload, which includes planning, organizing, prioritizing, and following-through on a variety of tasks, assignments, projects, and reports.
- Ability to work as a contributing team member in a professional manner.
- Ability to use effective judgement and problem-solving skills to make reasonable business decisions and recommendations.
- A CISSP, CCSP, CRISC, CISM, ISO27001, or NIST-related certificate is a plus.