1.Help Liberty China comply with International Security standards, ISO 27001.

2.Work closely with executives, business manage, audit and legal couel to undetand requirements related to security and regulatory compliance, and to map those requirements to current security projects

3.Develop, implement, and manage the overall process for security strategy and associated architecture and engineering standards

4.Oveee the continuous monitoring and protection of facilities, peonnel and information systems. Evaluate suspected security breaches and recommend corrective actio (including incidents involving outside vendo)

5.Serve as the focal point for security incident respoe planning and execution

6.IT dept face and key coordinator for Audit, Compliance and regulatory request such as SOX, SARMA, CROSS, etc.

7.Establish and monitor formal certification programs regarding security standards relating to the planned acquisition and/or procurement of new applicatio or technologies

8.Assist in the review of applicatio and/or technology environments during the development or acquisitio process to (a) assure compliance with security policies and directio and (b) assist in the overall integration process regarding Liberty’s own technology environment

9.Evaluate changes to the environment for security impact and present findings to management.

10.Continually looking for opportunities to improve current processes and approaches and driving implementation of these changes

岗位要求：

1、Bachelor’s Degree; Computer Science, Engineering or technical degree preferred

2、CISA preferred

3、CISSP preferred

4、PMP, PRINCE2 and ITIL certified nice to have

5、3 - 5 yea IT experience in Security or IT audit based role

6、1 – 3 yea leading a team (title not necessary)

7、Ability to communicate objectives, pla, status and results clearly, focusing on critical few key points

oAbility to interface with top management

oCoeus-builder, while still results-oriented and commitment focused

oBusiness-based attitude; i.e., the recognition that no policies can be implemented w/o demotrable business benefit

oCommunicate and champion security awareness to organization.

8、Vulnerability testing in addition to penetration testing

9、Developing security practices as a people problem veus a technical problem

10、Standards-based architecture with an undetanding of how to get there, including compliance monitoring and enforceability

11、Demotrated ability to build strong partnehips across organizatio in delivering the best outcome of complex programs

12、Ability to work hands on in a fast paced environment

13、Strong experience with enterprise security concepts

14、Strong written English skills, strong oral English a plus