Job Description:
- Analyze management and technical controls to ensure that specific security and compliance requirements are met, verifying documented processes, procedures, and standards to validate that secure configurations are maintained.
- Track compliance across multiple security frameworks, including ISO/IEC 27xxx, NIST, GDPR, and CCPA, and maintain up-to-date records of requirements and the corresponding mitigating controls.
- Monitor third-party risk assessments and assist in performing internal risk assessments.
- Collaborate on critical IT projects to ensure that security policy and risk issues are addressed throughout the project life cycle.
- Develop key performance metrics to track and ensure compliance with established policies and standards.
- Work out realistic solutions so that security risk issues are fixed and security requirements are fulfilled.
Job Requirements:
- Bachelor's degree in computer science; business and IT audit or compliance experience desired.
- Knowledge and understanding of ISO 27xxx, GDPR, NIST, and SOC 2 information security standards and/or frameworks.
- Familiarity with public clouds such as AWS and Azure, and an understanding of the particular security and compliance challenges of IT infrastructure running on public cloud.
- Ability to maintain security documentation and manuals.
- Minimum 5 years' experience in IT security management.
- High attention to detail; a self-starter able to work independently, multi-task, and adjust to shifting priorities.
- Strong oral and written communication skills.

Preferred Qualifications:
- CISA, CISSP, PMP, CIPM, ISO 27xxx, or other compliance certification.
- Strong analytical and problem-solving skills and cross-functional expertise across multiple IT operational and security disciplines.
- Experience executing IT, application development management, data management, and incident and problem management processes; ITIL experience a plus.
- Broad and in-depth knowledge of compliance monitoring and reporting platforms.
- Working knowledge of international compliance standards and requirements.
Hiring department:
小米 (Xiaomi)
Location:
Singapore (experienced hire, full-time). Job ID: J9570
Interview tips:
This Senior Information Security Compliance Engineer position has quite comprehensive requirements: candidates need not only a solid technical background but also a deep understanding of multiple international security and compliance frameworks. Notably, the role emphasizes the security and compliance challenges of public cloud environments, which matter especially in the current cloud-native era. The requirement of at least 5 years of IT security management experience also indicates that this is a role demanding substantial hands-on experience.

When preparing for the interview, focus on the following areas. First, make sure you have a systematic understanding of frameworks such as ISO27xxx, GDPR, and NIST, and can give examples of how you applied these standards in real work. Second, for the public cloud security portion, prepare concrete cases where you handled security and compliance issues on AWS or Azure. Also, because the role involves cross-department collaboration, be ready to demonstrate your communication skills and project management experience. Finally, if you hold certifications such as CISA or CISSP, be sure to highlight them in the interview. Remember to bring security documents or compliance reports you have produced as work samples; this will leave a strong impression on the interviewer.