Compliance:
- Solid understanding of industry standards such as ISO 27001, NIST, CIS, GDPR, and local regulations like CSL, PIPL and DSL.
- Ability to conduct IT security risk assessments, internal security audits, and compliance reviews.
- Liaise with the company IT team to embed security controls in the software development life cycle process via source code review and penetration testing.
- Develop and maintain security policies, procedures, and risk management frameworks.
- Good understanding of the business continuity management process.
- Conceptual understanding of data privacy principles.
- Work with third-party vendors to drive new security initiatives.

Understanding of Technical Security Measures:
- Good understanding of endpoint security tools: proxy, DLP, encryption tools, anti-virus, EDR, etc.
- Good understanding of network security concepts: firewalls, cloud firewalls, WAF.
- Awareness of log management strategy and SIEM tools.
- Understanding of cloud security concepts.

Security Awareness & Stakeholder Engagement:
- Conduct security training and awareness programs for internal teams.
- Collaborate with IT, compliance, and business units to improve security posture.
- Provide recommendations for security enhancements and best practices.
- Company employee security strategy training, document writing.

Requirements (specific job qualifications):
- 3-4 years of experience in cybersecurity, GRC, or security operations.
- Strong understanding of risk management, compliance frameworks, and cybersecurity best practices.
- Familiarity with cloud security (Alibaba Cloud, AWS, Azure) and regulatory compliance in China.
- Proficiency in Chinese and English (both written and verbal).
- Certifications preferred: ISO 27001, CISSP, CCSP or equivalent.
- Experience in DevSecOps and automation.
- Familiarity with security frameworks like OWASP ASVS.
- Knowledge of scripting languages for security automation (Python, Bash, etc.).