Security Risk Manager - Shenzhen, 中国 - QIMA

    QIMA
    QIMA Shenzhen, 中国

    发现在: Talent CN S2 - 1周前

    Default job background
    全职
    描述
    Our story began in 2005 in Hong Kong, when we disrupted supply chain quality control by taking it online. We've since been offering smart solutions that bring trust and safety to trade globally. QIMA's vision is Human & Artificial intelligence harmonized to offer a predictive & risk-based approach to quality and compliance. In 2020 we introduced QIMAone : our elegant and powerful SaaS platform . This encapsulates, in a world class UX, all that we've learned , to empower brands, retailers and manufacturers with real-time collaboration and actionable data to address the complexity and quality issues inherent in todays globalised economy We are constantly looking for high performers, who, like us, want to go ever further in the search for innovation to grow QIMAone. Ready to join us?

    The Company

    We're a global provider of quality control and compliance services that helps brands and retailers manage their supply chains. Every year, we deliver some 250,000 inspections, audits, and lab tests. Our service quality is very important to us – in fact, "Client Passion" is among our core company values.

    QIMA has been a pioneer in its industry to have a launched a Quality Management system platform, providing to its clients Supply Chain performance dashboards and indicators.

    The Job

    Deliver IT Security Risk Assessments and be an IT Security Champion to the business, with focus on new and existing applications utilizing Agile techniques (DevSecOps).:

    Responsibilities:

    · Responsible for security risk assessments on new and existing applications and systems to ensure strong risk management strategies, tools, frameworks and standards are in place.

    · Identify and provide analysis and recommendations for IT security risks, and track corrective actions performed by the business thru risk exception process.

    · Provide accurate and timely reports to demonstrate individual and team activities and progress

    · Work closely with IT and business representatives to drive risk assessment and remediation

    Provide consultation on security policies and general best practices. Evaluate and provide security approvals related to application and infrastructure changes with focus on firewall rule approval and recertification.

    ·Participate in audits to establish compliance with security policy and country regulations. Contribute to individual, team, and security function continuous improvement projects

    The Candidate

    Requirements:

    In order to succeed in this role, you must:

    ·Advanced knowledge of infrastructure and application security and risk management concepts.

    ·Have good understanding of industry regulations i.e. MAS TRM, HKMA, FSA, etc.

    ·Have general knowledge on emerging technologies such as Fintech, Mobile & Virtualization.

    ·Must have demonstrable previous IT Security experience in risk management, audits/compliance, security system development, and/or operations. Vulnerability/ Patch Management experience is a plus.

    ·Prior experience in DevSecOps methodology and its application is preferred

    ·Must have direct IT and business stakeholders management in a confident and responsive manner. Previous security sales and/or team management experience should be highlighted.

    ·Must have excellent English oral and written communication.

    ·Must be motivated, and able to work independently as well as part of a team and must demonstrate ethical responsibility, maturity, and discretion

    It also helps if you have the following certification(s) or equivalent experience, are preferred:

    CRISC, CISM, CISA, CISSP, ITIL, GCCC