
    Director, Security Architect, Certification and Accreditation, GC - Shanghai, China - Corporate

    Full-time
    Description

    JOB SUMMARY

    Lead and manage the security architecture and engineering team in Greater China. Performs certification of Security Control attestations and evaluates the implementation of those controls in order to grant Approval to Operate for a release of new infrastructure, services, applications and processes into Marriott's Production Environments at the regional level.

    Leverages existing Security Engagement processes and documentation, in conjunction with security compliance tools, to determine control implementation status. Will routinely process ITSM Release and Security Engagement Tasks to document justification for all approvals. Will routinely collaborate with multiple teams, including, but not limited to, Business Release Sponsors, Project Managers, Security Architects, Security Architecture Analysts, and Change Management teams to ensure the Security Processes are followed and completed in order to accredit the engagement or release.

    Will routinely manage and communicate the status of the tasks assigned in ITSM to thoroughly document the accreditation resulting in granting of Approval to Operate. Understand, communicate, interpret and enforce MI Policies and Security Standards throughout the Certification and Accreditation process. Understand and communicate control objectives in terms of both MI Policy and Standards and Security Best Practice Frameworks, including, but not limited to, NIST RMF, NIST CSF, PCI DSS, GDPR, MPLS, EU Privacy, ISO, as referenced in Marriott's Common Controls Framework. Will periodically provide status and metrics for the assigned C&A Engagements in order to provide visibility and transparency to GIS Senior Leadership.

    CANDIDATE PROFILE

    Education and Experience

    Required:

  • Bachelor's degree in Information Systems, Computer Science or related field or equivalent experience/certification
  • 8+ years' experience in Information Security with: 3+ years in process-oriented Security Audit/Assurance/Technical Assessment role; 2+ years' team management experience with security technical team members; 1-2 years' experience/exposure to Common Controls Framework; exposure/functional understanding of NIST RMF
  • Current and relevant information security certifications such as: CISSP (Certified Information Systems Security Professional), (ISC)2 CGRC certification, ISACA, PCI QSA/ISA, ITIL, IS Certification & Accreditation Professional - ISCAP, GIAC Information Security Professional (GISP)

    Preferred Skills & Attributes

  • Strong oral and written communication skills and comfortable with speaking in large groups virtually and in person.
  • Ability to conduct independent security research
  • Strong understanding of common OWASP flagship projects, Top , Cheat
  • Strong understanding of cryptography concepts: hashing, signing, encryption, decryption, tokenization
  • Strong understanding of SDLC and security integration points
  • Functional understanding of microservice application architecture
  • Functional understanding of common application security controls such as WAF, RASP, Intercepting Proxies
  • Comfortable with the following tools and technologies: GitHub Advanced Security, Postman, Fortify SCA, Jenkins, Artifactory, SonarQube, Docker, JIRA, Confluence, Aqua CSP, Nessus Pro or
  • Comfortable with technical report writing and crafting security requirements.
  • Basic understanding of network security concepts: DOS, DNS Spoofing, ARP Poisoning, Firewalls, Intrusion Detection, Segmentation
  • Basic understanding of Vulnerability and Patch Management practices
  • Basic understanding of endpoint security controls: EDR, Vulnerability Scanning Agents, HIDS, FIM
  • Basic understanding of Agile Software Development Practices & DevOps
  • Master's degree in Computer Science or Software Engineering
  • Mid-level cloud computing certification, AWS Solutions Architect Associate, Azure Administrator Associate, Google Associate Cloud Engineer
  • Functional knowledge of software engineering concepts: GoF software design patterns, SOLID design principles (SRP, OCP, LSP, ISP, and DIP) and design methods (Scrum, XP, Lean, Waterfall)
  • Functional understanding of common cryptographic algorithms and libraries
  • Functional foundational understanding of Cloud Computing

    CORE WORK ACTIVITIES

    Security Certification

  • Represent GIS C&A on all Release Communications, discussions and meetings
  • Process Releases and Security Engagements assigned to C&A.
  • Review Security Engagement final documentation and verify all required controls meet the security objectives and are in-place.
  • Evaluates applications for security flaws by performing fuzzing, access/authorization bypass, business logic abuse and intentional fault injection.
  • Uses Static and Dynamic Analysis tools to support broad testing and vulnerability discovery.
  • Reviews application architectures and implementation details for design flaws, incorrect security implementation and missing security controls.
  • Works with other security team members to research and test for complex security issues.
  • Consults with Software Engineers, Infrastructure Architects and Security Architects to correct application, architectural or environment flaws.
  • Validates external security researcher bug bounty submissions.
  • Ensures applications are built according to enterprise security standards.

    Security Accreditation

  • Works with development teams to review application source code for security and operational risks.
  • Perform manual code reviews of applications that are not compatible with automated SAST tools.
  • Provide detailed security documentation to developers, software engineers and technical personnel when necessary
  • Provide guidance and recommendation to software architects and engineers on how to correct code related security flaws

    Managing Work, Projects, and Policies

  • Manage the security architecture and engineering team in Greater China.
  • Participate in peer reviews of security assessments created by other team members.
  • Manage tickets and SLAs associated with security testing efforts.
  • Maintain and contribute to the enterprise SSDLC standard.
  • Coordinates and implements work and projects as assigned.
  • Generates and provides accurate and timely results in the form of reports, presentations, etc.
  • Analyzes information and evaluates results to choose the best solution and solve problems.
  • Develops specific goals and plans to prioritize, organize, and accomplish work.
  • Sets and tracks goal progress for self and others.
  • Monitors the work of others to ensure it is completed on time and meets expectations.
  • Provides direction and assistance to other organizational units' policies and procedures, and efficient control and utilization of resources.

    Leading Team

  • Creates a team environment that encourages accountability, high standards, and innovation.
  • Leads specific team while assisting with meeting or exceeding department goals.
  • Makes sure others understand performance expectations.
  • Ensures that goals are being translated to the team as they relate to tracking and productivity.
  • Creates and nurtures an environment that emphasizes motivation, empowerment, teamwork, continuous improvement and a passion for providing service.
  • Understands employee and develops plans to address need areas and expand on the strengths.
  • Provides the team with the capabilities needed to meet or exceed expectations.
  • Leads by example demonstrating self-confidence, energy and enthusiasm.

    Conducting Human Resources Activities

  • Acts proactively when dealing with employee concerns.
  • Extends professionalism and courtesy to employees at all times.
  • Communicates/updates all goals and results with employees.
  • Meets semiannually with staff on a one-to-one basis.
  • Establishes and maintains open, collaborative relationships with employees.
  • Solicits employee feedback.
  • Interviews job candidates and assists in making hiring decisions.
  • Receives hiring recommendations from team supervisors.
  • Ensures orientations for new team members are thorough and completed in a timely fashion.
  • Observes behaviors of employees and provides feedback to individuals.

    Additional Responsibilities

  • Provides information to supervisors, co-workers, and subordinates by telephone, in written form, e-mail, or in person in a timely manner.
  • Manages group or interpersonal conflict.
  • Informs and/or updates executives, peers, and subordinates on relevant information in a timely manner.
  • Manages time effectively and conducts activities in an organized manner.
  • Presents ideas, expectations and information in a concise, organized manner.
  • Uses problem solving methodology for decision making and follow up.
  • Performs other reasonable duties as assigned by manager.

