We are looking for an experienced information security professional with proven expertise in application/infrastructure security in a mission critical and enterprise environment. This position is based in Beijing as part of the Asia InfoSec team. The successful candidate will provide effective leadership in information security and risk management for the China business by working with regional and global teams within technology and risk.

The position will report to both the Head of China Tech and Regional Head of Information Security.

Responsibilities:
– Conduct security/risk reviews on technology projects to ensure application and infrastructure security measures and best practises
– Conduct security/risk reviews of 3rd party systems and applications to assess security controls used by the application (e.g. authentication, authorization, input validation, error handling, resilience) against firm policies and standards
– Investigate, coordinate and resolve information security incidents
– Drive China’s participation in global Information Security programs
– Drive implementation of security controls/measures in technology platforms, leveraging the security engineering teams/resources

Requirements:
– Demonstrate deep understanding and leadership for information security and the impact of new technologies and trends
– Strong analytical, communication, interpersonal, and problem solving skills
– Excellent influencing skills at all levels and the ability to develop and maintain trusted relationships
– Strong sense of ownership and accountability
– Fluent in English and Mandarin
– Ability to work independently, analyze problems and act decisively with minimal oversight
– Ability to manage client relationships and work as part of an extended regional team
– Excellent presentation skills
– Industry Certifications such as CISA, CISSP, and CISM are beneficial
– In-depth knowledge of the following areas and their impact on security:
– Windows and Unix/Linux OS
• Network protocols such as TCP/IP
• Common web-related and file transfer protocols such as http/https and ftp
• Firewall and IDS/IPS technology
• Voice and Audio-Visual platforms
• Experience with configuration and vulnerability management
• Familiarity with application security issues such as OWASP Top 10