牛津大学高等研究院（苏州）（OSCAR）招募IT主管，任职者将向楼宇服务部主任汇报工作，按照英国牛津大学的管理要求，负责OSCAR的IT 运维管理相关工作，包括但不限于桌面日常维护、机房设施设备维护、展厅设施维护、会议设施维护、门禁监控系统维护、应用系统及软件维护、网络安全管理、信息安全和数据安全管理、IT风险管控及合规审查、预算管理、固定资产管理及备品备件管理、IT施工及系统改造监管等。
Oxford Suzhou Centre for Advanced Research (OSCAR) is looking to recruit an IT Supervisor, who will report to the Head of Building Services and Facilities, and follow the requirements from Oxford University to carry out daily IT management of OSCAR, including but not limited to IT service and facilities maintenance for desktop, server room, exhibition hall, video and audio conference, CCTV management, application system and software management, network safety management, information and security management, data safety management, risk assessment and management, IT compliance management，budget control, fixed asset and spare parts management, IT related construction and system modification management, document management and so on.
职责描述：
1. 日常桌面运维包括但不限于办公电脑和实验室电脑软硬件维护（系统安装与升级、常用软件安装、硬件检修等）、电话系统和打印系统的日常维护等；
2. 机房设施设备的运维包括但不限于日常巡检、机房环境维护、网络通讯和网络安全设备管理，存储设备管控、UPS设备管理、门禁及监控主机维护、实验室相关服务器及网络设施管理等；
3. 展厅设施维护包括但不限于电脑主机、显示屏、投影机、音响系统等音视频设备的管理；
4. 会议设施维护包括但不限于会议电脑、音视频采集和处理设备、会议软件、音响系统等的管理；
5. 门禁监控系统维护包括但不限于门禁和监控系统的软硬件管理，权限管控等；
6.应用系统及软件维护包括但不限于OA系统（人员管理、权限调整、流程创建及调整等）、财务和人事系统、网站及微信小程序等的管理；
7. 网络安全管理包括但不限于网络安全架构的搭建及调整、网络监控、网络安全事件处置等。
8. 信息安全和数据安全管理包括但不限于信息和数据的全流程监管（分类管理、权限管理、存储和备份管理、数据的销毁等）;
9. IT风险管控及合规审查包括但不限于风险评估、风险管控、合规性评估和审查等;
10. IT预算管控包括但不限于年度预算的制定、预算的管控等。
11.IT固定资产和备品备件管理包括但不限于固定资产维护、固定资产盘点、备品备件的采购和库存管理等;
12.IT施工及系统改造的监管包括但不限于弱电工程装修及改造（弱电系统的设计、施工过程监管、工程验收等）;
13. 文档管理包括但不限于IT policies and procedures的起草和修订、系统操作说明的撰写、系统配置文件的记录、培训资料的更新等。
Responsibilities:
1. Daily desktop operation and maintenance, including but not limited to office computer and laboratory computer hardware and software maintenance (system installation and upgrade, common software installation, hardware repairment, etc.), telephone system and printing system daily maintenance, etc.
2. The operation and maintenance of equipment and facilities in the server room, including but not limited to daily inspection, server room environment maintenance, network communication and network security equipment management, storage device management and control, UPS equipment management, access control and CCTV host device maintenance, laboratory related servers and network facilities management.
3. The maintenance of exhibition hall facilities, including but not limited to the management of audio and video equipment such as computers, display screens, projectors, and sound systems.
4. Maintenance of conference facilities, including but is not limited to the management of conference computers, audio and video acquisition and processing equipment, conference software, sound systems, etc.
5. Maintenance of the access control and CCTV system, including but not limited to the management of the hardware and software of the access control and CCTV system and the control of rights.
6. Application system and software maintenance, including but not limited to OA system (personnel management, authority adjustment, process creation and adjustment, etc.), financial and HR system, website and Wechat program management.
7. Network security management, including but not limited to the setup and adjustment of network security architecture, network monitoring, and network security incident handling.
8. Information security and data security management, includeing but is not limited to the whole process supervision of information and data (classification management, authority management, storage and backup management, data destruction, etc.).
9. IT risk control and compliance review, including but is not limited to risk assessment, risk control, compliance assessment and review etc.
10. IT budget control include but is not limited to annual budgeting and budget control.
11. IT fixed assets and spare parts management, including but not limited to fixed assets maintenance, fixed assets inventory, spare parts procurement and inventory management.
12. Supervision of IT construction and system modification including but is not limited to the construction of weak current engineering (designing of weak current system, supervision of on-site construction, project acceptance, etc.).
13. Document management, including but is not limited to drafting and revising IT related policies and procedures, drafting system operation instructions, recording system configuration, updating training documents, etc.
基本条件：
1. 本科及以上学历，计算机、网络通信类相关专业；
2. 具备HCIE，H3CIE、CCIE或相同等级认证，IT行业4年以上系统集成或网络设备调试经验，熟练调试H3C、华为、Cisco等网络产品；
3. 精通Windows、Liunx服务器，掌握Active Directory，具备4年以上大中型机房管理及基础架构搭建与管理经验；
4. 3年以上网络安全和信息安全的管理经验，有参与风险评估或合规审计相关经验；
5. 熟悉OA系统的开发与维护，了解财务系统和人事系统与OA的对接流程；
6.了解IT相关法律法规包括但不限于网络安全法、数据安全法、个人信息保护法等。
7. 良好的英语口语表达能力，优秀的英语书写水平。
Essential
1. Bachelor's degree or above, major in computer, network communication etc.
2. Have HCIE, H3CIE, CCIE or the equivalent level certification, more than 4 years experience in system integration or network equipment debugging in IT industry, profesonal in debugging H3C, Huawei, Cisco and other network products.
3. Proficient in Windows, Liunx server, master Active Directory, with more than 4 years of large or medium-sized server room management and infrastructure construction and management experience.
4. More than 3 years of management experience in network security and information security, with experience in participating in risk assessment or compliance auditing.
5. Familiar with the development and maintenance of OA system, understand the docking process of financial system and personnel system with OA.
6. Understand IT related laws and regulations, including but is not limited to network security, data security, Personal information protection, etc.
7. Fluent oral English and excellent English writing skills.
优先考虑:
1.持有CISSP、CISA、CISM或其他信息安全证书。持有行业渗透测试认证，例如CPTE、CPTC、GPEN 和CEH将被优先考虑。
2. 提供过安全战略咨询、体系架构咨询、信息隐私和治理咨询、认证和合规咨询、GDPR/网安法合规咨询、业务可持续性和安全性技术测试等相关咨询服务优先。
Desirable
1.Hold CISSP, CISA, CISM or other information security certification. Industry penetration testing certifications such as CPTE, CPTC, GPEN and CEH will be preferred.
2. Experiences of providing security strategy consulting, architecture consulting, information privacy and governance consulting, certification and compliance consulting, GDPR and network security law compliance consulting, business continuity and security technology testing and other related consulting services are preferred.