Job Description

Job Responsibilities

1. Able to break down detailed information security compliance technical requirements and rules, and can support the identification, improvement, tracking, and post-event evaluation of security risks associated with related business.


2. Interface with and organize business departments to participate in non-China regulatory agencies' security compliance inspections of the company, and track the closed-loop rectification of identified issues.


3. Connect with third-party audit and certification bodies to assist in completing audit work for ISO 27001, ISO 27701, ISO 21434, TISAX, ESG, etc.


4. Keep track of and summarize the dynamic changes in laws, regulations, and industry policies related to information security within the scope of global business operations, and optimize and improve business processes regularly in accordance with business development needs.


5. Responsible for optimizing the audit strategy of SOC to improve efficiency;


6. Have practical experience in SOC operation, such as security scenario planning and optimization, security response incident handling?Familiar with major SOC platforms and SIEM tools.


7. Design and deploy information security technology solutions, including firewalls, intrusion detection and prevention systems, endpoint security, etc.


8. Monitor security incidents, promptly respond to and handle various information security threats and vulnerabilities.


9. Assess security risks of corporate information systems and develop corresponding security protection strategies.


10. Manage the configuration, administration, and maintenance of security devices to ensure their effective operation.


11. Support information security audits and compliance inspections, and contribute to the improvement of the security management system.


12. Conduct security awareness training to enhance employees' information security protection capabilities.


13. Stay updated on the latest information security technologies and threat trends, and continuously optimize security measures.


14. Prepare information security-related documentation and reports to support management decision-making.

Job Requirements

1. Over 15 years of relevant work experience in information security technology.


2. Experience in constructing information security systems and conducting security operations in large enterprises is preferred.


3. Candidates with security experience in the automotive or high-tech industries are preferred.


4. Familiarity with information security architecture and mainstream security technologies (e.g., firewalls, IDS/IPS, VPN, DLP, etc.).


5. Proficient in protection technologies and implementation methods for network security, application security, and system security.


6. Knowledgeable in operating system security hardening (Linux/Windows) and security vulnerability management.


7. Capable of handling security incident response and emergency measures, with familiarity with security event analysis tools.


8. Skilled in using security management and monitoring platforms (e.g., SIEM, vulnerability scanning tools, etc.).


9. Familiar with non-China information security regulatory laws and regulations (such as GDPR, PDPA), understand regional special requirements, and have experience in responding to non-China regulatory audits.


10. Capable of leading and conducting information security system audits, such as ISO 27001, ISO27701, ISO21434, TISAX, ESG, etc.


11. Those with certificates such as Exin DPO/CISO/ISO 27701 Lead Auditor/CISSP/CISA are preferred.