SecAudit, Vulnerability Manager(003916) - NANJING, 中国 - BASF SE

描述

位于南京的巴斯夫中国数字化中心吸引、培养和发展充满热情的数字化人才,他们将对巴斯夫的数字化未来产生深远的影响。快来加入我们,成为巴斯夫数字化之旅的一部分。

Digital Hub China in Nanjing attracts, grows, and develops passionate people who will meaningfully impact the digital future of BASF.

Come join us and be a part of our digitalization journey.


Objectives:
数字化将成为巴斯夫DNA的真正组成部分,创造令人兴奋的全新客户体验和业务增长,并提高流程效率。全球数字服务正在支持巴斯夫业务的数字化转型。我们的使命是推动巴斯夫的数字化转型,通过强大的敏捷文化,提供创新的、全球性的、高质量的数字化产品和服务。南京数字中心是我们为巴斯夫提供区域和全球解决方案的全球重要基地之一。

在此职位上,您将专注于以下目标


扫描:
与流程经理协作,创建和优化用于扫描范围内环境中漏洞的流程和工具。包括应用程序、设备和 Web 应用扫描目标,以及用于将漏洞信息摄取到 Archer 进行处理的过程


管理服务和邮箱:
提供有关最佳实践流程设置的输入,以处理漏洞请求并协调有关IBP查询邮箱的活动


未来产品的运营:
推荐其他产品/资产加入漏洞管理流程,包括所需的其他更改和数据收集


咨询服务:
创建并运行向产品所有者分发漏洞公告的流程


攻击面管理:
设计与ASM工具(待加入)相关的所有流程并提供建议,包括与所有相关利益相关者的互动


Main Tasks:
您将负责为巴斯夫组织提供的中央漏洞管理和修复服务的日常执行。这包括跟踪和协调所有修正活动

您的部分活动将是报告关键指标,以了解业务部门如何遵守安全要求并查看流程的运行情况

您将负责将新的范围区域加入漏洞管理扫描服务,并不断寻求改进和完善服务

您将与第三方供应商联络,并建立/维持良好的工作关系

作为我们CISO组织的一部分,您将与网络安全防御中心,安全治理以及我们的IT运营部门密切合作

Digitalization will be a true part of BASF's DNA that creates new exciting customer experiences and business growth as well as drives efficiencies in processes.

Global Digital Services is supporting BASF business in Digitalization transformation.

Our mission is to drive forward the digital transformation of BASF, providing innovative, global and high-quality digital products and services through a strong agile culture.

The Digital Hub Nanjing is one of our global key locations to deliver regional and global solutions for BASF.

In this role, you will focus on the following objectives


Scanning service:
Collaborate with process managers to create and optimize processes & tools used for scanning of in-scope environments for vulnerabilities. Includes application, device and webapp scanning targets and the process used to ingest vulnerability information into Archer for processing


Management service & mailbox:
Deliver input on best practice process set-up to handle vulnerability requests & coordinate activities regarding IBP inquiries into the mailbox


Operationalization for future products:
Recommend additional products/assets to onboard into the vulnerability management process incl. additional changes & data collection needed for Archer


Advisory service:
Create and operate the process for the distribution of vulnerability advisories to product owners


Attack surface management service:
Design and provide advice on all processes related to the ASM tool (to be onboarded) incl. on interaction with all relevant stakeholders

You will be responsible for the day-to-day execution of our central vulnerability management and remediation service offered to our BASF organization.

This includes the tracking and coordination of all remediation activities.

Part of your activities will be the reporting of Key Indicators to see how business units comply to the security requirements and to see how the process is running.

You will be responsible for the onboarding of new scope areas to the vulnerability management scanning service and constantly seek to improve and mature the services.

You will liaise with 3rd party vendors and establish/maintain good working relationships.

As part of our CISO Organization you will closely work together with the Cyber Security Defense Center, the Security Governance as well as our IT operations unit.

您已完成与学科相关的学位 或通过多年的相关专业经验和进一步培训获得的同等知识和技能

您在漏洞管理或其他相关网络安全领域至少有 1-3 年的经验


您必备技能:
您具有支持攻击面管理 (ASM) 工具和流程的经验,包括集成到漏洞管理、GRC 和升级管理

您可以在跨国/全球团队中独立工作,并带来结构化,分析,以质量为中心的方法

信息安全管理实践和相关规范和标准的知识

您具备出色的沟通技巧,能够与巴斯夫整个组织的利益相关者保持一致和沟通

自信的中英文沟通,包括口语和书面表达能力


希望您拥有:
公认的认证证明,如CISSP,CISM,CRISC,CISA或其他将是一个加分项

You have completed a subject-related university/technical college degree in (business) informatics or equivalent knowledge and skills acquired through many years of relevant professional experience and further training.

You have a minimum of 1-3 years' experience in vulnerability management or other relevant cyber security fields

Mandatory

You have experience supporting Attack Surface Management (ASM) tools and processes, including integration into vulnerability management, GRC, and escalation management

You can work independently in a multinational / global team and bring a structured, analytical, quality-focused approach with you

Practice in information security management and knowledge of relevant norms and standards.

You have great communications skills to align and communicate with stakeholders throughout BASF's organization

Confident communication in Chinese and English, both spoken and written

Nice to have

Proof of recognized certifications such as CISSP, CISM, CRISC, CISA or others would be a plus.

巴斯夫中国数字化中心于2020年在南京成立。作为全球数字中心的重要部分,中国中心正在迅速发展中,未来将会有更多岗位开放。巴斯夫专注于数字化和创新的IT解决方案,以增强巴斯夫在中国的IT化和专业化,为巴斯夫带来了一支全方位的数字化人才团队,在中国独特的数字化环境中创造解决方案。中心还为湛江一体化基地等大型项目的智能制造做出贡献。


在巴斯夫,我们为可持续发展的未来,创造化学新作用。我们将经济成功与环境保护相结合。我们肩负社会责任。巴斯夫集团超过110,000名员工为巴斯夫的成功做出了贡献。我们的客户遍布世界上几乎所有行业和几乎每个国家。我们的产品组合分为六个部分:
化学品,材料,工业解决方案,表面活性剂,营养与护理以及农业解决方案。巴斯夫2020 年销售额为 590 亿欧元。更多信息请见 。

Digital Hub China was founded in 2020 in Nanjing.

As part of the Global Digital Hub Verbund, the hub is rapidly growing with a target of a three-digit number of employees in coming years.

Focused on digitalization and innovative IT solutions to enhance BASF's IT portfolio and expertise in China, it brings an all-around capable team of digital talents to create solutions in the context of China's unique digital landscape to BASF.

It also contributes to the smart manufacturing endeavors for the new mega project in Zhanjiang.

At BASF, we create chemistry for a sustainable future. We combine economic success with environmental protection and social responsibility.

More than 110,000 employees in the BASF Group contribute to the success of our customers in nearly all sectors and almost every country in the world.

Our portfolio is organized into six segments:
Chemicals, Materials, Industrial Solutions, Surface Technologies, Nutrition & Care and Agricultural Solutions. BASF generated sales of €59 billion in 2020. Further information at

BASF Asia-Pacific Service Center is based in Malaysia, we may reach you via Malaysia phone number.

请时刻警惕任何可能的招聘欺诈行为请注意,巴斯夫绝不会在任何情况下向候选人以任何形式收取任何费用。