工作职责:
职位描述/Position Deｓｃｒｉｐｔion：
负责信息安全管理安全防护体系完善优化；负责公司信息安全组织建设；负责法规符合性和审计统筹；负责信息安全文化氛围营造；Responsible for the improvement and optimization of information security management and security protection system; Responsible for the construction of the company’s information security organization; Responsible for regulatory compliance and audit coordination; Responsible for creating the cultural atmosphere of information security;
主要职责/Main Responsibilities：
1、信息安全体系完善：健全信息安全管理政策、标准、制度和流程；
1. Improve information security system: improve information security management policies, standards, systems and processes;
2、信息安全组织建设：构建公司级信息安全委员会组织架构，完善会议机制，公司层面强化信息安全重要度；
2. Information security organization construction: build the organizational structure of information security committee at the company level, improve the meeting mechanism, and strengthen the importance of information security at the company level;
3、信息安全意识培育：营造信息安全文化氛围，开展培训宣贯以提升全员信息安全意识，防范人员意识薄弱造成的风险；
3. Cultivation of information security awareness: ｃｒｅａｔｅ an atmosphere of information security culture, carry out training and publicity to enhance the information security awareness of all staff, and prevent risks caused by the weak awareness of staff;
4、信息安全风险管理：强化风险评估、分析、处置和追踪，形成风险管理的信息安全机制；
4. Information security risk management: strengthen risk assessment, analysis, disposal and tracking to form an information security mechanism for risk management.
5、信息安全审计支持：牵头IT内外部审计工作支持，统筹部门应对和改善；
5. Information security audit support: led IT internal and external audit support, coordinated the response and improvement of the department;
6、信息安全合规应对：定期对标国家和行业法律法规条款以及母公司信息安全要求，遵照执行，保证合规性；
6. Information security compliance response: regularly benchmarked national and industry laws and regulations and information security requirements of the parent company, complied with and implemented to ensure compliance.
任职资格:
任职要求/ Qualifications：
？学士及以上，计算机或相关专业，拥有信息安全领域的从业经验或掌握有信息安全领域的专业知识，具有3年以上信息安全领域工作经验者为佳。
？Bachelor’s degree or above, majoring in computer science or related fields, with experience in the field of information security or professional knowledge in the field of information security, with at least 3 years of work experience in the field of information security is preferred.
？了解和掌握常见的 IT 架构, 网络和软件。
Understand and ｍａｓｔｅｒ common IT architectures, ｎｅｔworks, and software.
？熟悉《网络安全法》、《数据安全法》、《个人信息保护法》等法规要求，熟悉ISO27001和ISO20000体系者优先。
Familiar with regulatory requirements such as the Cybersecurity Law, Data Security Law, and Personal Information Protection Law, and familiarity with ISO27001 and ISO20000 systems is preferred.
？具有系统项目的项目管理和运维经验。
With Application System implement and project management.
？需要有信息安全领域的资格证 (CISA, CISSP, CPPG 等 ) 。
Qualifications in the field of information security (CISA, CISSP, CPPG, etc.) are required.
？具有较强的计划性和执行力。
With the ability to planning and ｅｘｅｃution.
？具有良好的沟通能力、团队精神和责任心。
With good communication skill, team working ability and responsibility.
？较好的英语口语及较强的读、写能力。
Be good in English speaking and excellent in English reading and writing.

上班地址：-江苏-南京-南京市江宁开发区苏源大道66号