IT and Data Security Specialist / IT及數據安全專員

? Implement ‘IT in engineering laboratory/manufacture' in plant according to central directive （ITL/ITM）
根據中央指令在工廠實施IT工程實驗室/制造中的應用設置
- Defining and implementing engineering laboratory/manufacture infrastructure concept (including IT devices, network, server and database, etc.) considering both daily operation and future needs
定義并實施工程實驗室/制造基礎設施的IT設置及使用方案（包含IT設備、網絡、服務器及數據庫等），兼顧日常運營與未來需求
- Define and ensure organizational measures for data security in laboratories/manufacture
制定并落實實驗室/制造環節的數據安全組織措施
- Training and coordination of local lab/MOE organization
培訓并協調本地實驗室及生產現場的IT及網絡安全
- Perform annual IT security audits in local laboratories/manufacture
對當地實驗室/生產現場執行年度IT安全審計
- Consulting for setup and acquisition of related equipment
提供相關IT設備配置與采購咨詢
- Perform regular communication with local Engineering/manufacture management on ITL/ITM topics
定期與本地工程/制造管理部門就ITL/ITM議題進行溝通
? IT and data security for business data and local developed application/systems （LAC）
業務數據及本地開發應用/系統的IT與數據安全
- Define and implement security checklist and control process
制定并實施安全檢查清單與控制流程
- Support risk assessment and implement measures accordingly
支持風險評估并落實相應措施
- Yearly risk re-certification for running applications
運行應用程序的年度風險再認證
? ISP, IDM and access management
ISP、IDM及訪問管理
- User Training & awareness improvement in department
部門用戶培訓與意識提升
- Provide security consult to served departments
為服務部門提供安全咨詢
- Document and regular updating of ISP concept according to central directive and regional laws
依據中央指令及區域法規記錄并定期更新ISP方案
- Define data protection method in department level to avoid business loss
制定部門級數據保護方法以避免業務損失
- Department folder Authorization concept definition
部門文件夾授權方案定義
- Local application registration and management
本地應用程序注冊與管理
- Non-standard software management to avoid compliance issue
非標準軟件管理以規避合規風險
- Authorization application in IDM and regular checks to ensure proper usage
在IDM中實施授權申請機制并定期核查確保規范使用
? Other relevant tasks arranged by superiors for achieving company’s objectives.
上級交辦的為實現公司目標的其他工作。
? Education學歷
Bachelor or above degree, major in Computer Science, Information Security, Information System, Information Management or other similar majors.
本科及以上學歷，計算機科學、信息安全、信息系統、信息管理或相關專業。
? Experience工作經驗
Minimum 3 years work experience in cyber security, data security, newwork and server maintainence, Computer Hardware or Software management, previous relevant working experience in a global environment is an advantage.
三年以上網絡安全、數據安全、網絡及服務器運維、計算機硬件或軟件管理相關工作經驗，有跨國企業從業經歷更佳；
? Skills技能
- Basic understanding of information security and/or IT governance and/or access and identity management topics
具備信息安全和/或IT治理和/或訪問與身份管理領域的基礎知識
- Self-confident, Communication/influence skills, Presentation Skills, team player
自信果敢，具備溝通/影響力技巧、演示能力，善于團隊協作
- Clear and fluent in Mandarin, Good written and oral English
普通話清晰流利，英語書面及口語能力良好
- Proficient in the use of word, excel, ppt and other commonly used office software
熟練使用Word、Excel、PPT等常用辦公軟件
- Meet with below requirements are preferred
符合以下條件者優先：
? Entitled as CISA or CISSP or ISO27001 IA/LA or PMP/Prince2
持有CISA、CISSP、ISO27001 IA/LA或PMP/Prince2認證
? Digital talents who are familiar with python, power platform, etc.
熟悉Python、Power Platform等技術的數字化人才
? Other其它
- Positive attitude, proactive and initiative
積極的態度，前瞻性和進取心
- Well organized, logic thinking, attention to details
思維清晰，有邏輯，細心
- High reliability and confidentiality consciousness
高度的責任心和保密意識
- Good health
身體健康
- Good professional ethics
良好的職業道德
- Care about details and precision
注重細節及精確性
- Self-motivated and able to work under pressure
能夠自我激勵并承受工作壓力
- Able to work overtime if necessary
必要時可以加班
- Hold positive attitude whenever facing different opinions or other problems and take nessesary actions to facilitate solutions
出現意見不合或其他問題時能夠以積極的態度應對，并采取行動積極配合以促進問題的解決。