Regional IT Manager (Operation Security) (Luxury Retail) Client Description Global luxury retail corporation Job Description Manage daily security operation and project activities complying with industrial security standards including server, network, mobile technology, and develop baseline security standards with audit logging and monitoring measures. Demonstrate professional security operation capability and act as subject matter expert, maintaining level-3 operation knowledge including documentation, consistency, and standards in the company. Assist country Service Delivery Managers, regional operation and infrastructure teams, and CISO on daily operation support and lifecycle project management, assuming end-to-end responsibility over security solutions including requirements gathering, solution strategy and roadmap, solution selection, vendor selection, implementation, maintenance, and support. Act as a partner/advisor to internal IT and business functions with relevant solutions fulfilling business, budgetary, and technical requirements to meet current and future needs. Effective communication skills are essential to deliver these challenging initiatives and manage activities across IT teams within the APAC region. Operation Security - Network components security configuration: Proactively review and conduct necessary configuration changes and patching on network components (e.g., Router, Switch, WIFI) to address vulnerabilities; Proactively review and initiate Firewall rule refinement; Manage 3rd party Security Operation Center (SOC) as technical authority. Server components security configuration: Proactively review and conduct necessary configuration changes and patching on server components (Windows server, workstation, UNIX, SAN, content filtering system) to address vulnerabilities. Anti-Virus and endpoint protection configuration: Manage Anti-virus and endpoint protection configuration; Manage endpoint encryption software. Vulnerability Scanning and Penetration Test: Conduct vulnerability scanning and internal penetration tests on systems/applications per request; Present and communicate findings of penetration tests with proactive recommendations to stakeholders. Incident Response to cybersecurity incidents: Proactively detect and follow up on incident responses to cybersecurity incidents; Identify solutions and communicate with internal and external stakeholders to minimize impact to the organization. Operation Security Status Reporting: Provide regular operation security status reports at regional and country levels; Provide regular operation security status reports by domains (Network, Server, Anti-Virus, content filtering, etc). Project Delivery: Assist the delivery of cybersecurity projects including Network/System/Application layers; Advise project teams on emerging security requirements based on network/system/application nature and potential security risks; Engage in security strategy and roadmap with regional and global stakeholders to streamline planning. Audit: Respond to auditor’s requests for security information in internal and external audits; Follow up on auditor’s comments in a timely manner. Security Governance Management: Establish and maintain governance and communications within IT to reflect security agendas; Work closely with market and regional IT teams to ensure individual security requests and concerns are fully addressed; Responsible for security incident reviews, where the security manager provides consultancy and decisions on behalf of regional IT; Provide financial management support relative to SLA and OLA commitments, including budget planning and optimization, adapted to financial needs; Track change control status. Vendor Management: Conduct periodic performance and KPI reviews with security providers based on agreed contractual terms; Maintain solid working relationships with vendors and manage escalations as required; Manage billing, payments, and contract negotiations; Communicate effectively with internal business and IT teams, and make sound management decisions; Coach and lead the service team to constantly challenge themselves and display professionalism. Job Requirements Undergraduate Degrees in Engineering, Computer Science, Information Technology or related technical field. Certifications in CISSP or CISA, CCNP Security, CEH – Certified Ethical Hacker, ITIL V3 Foundation. At least 15+ years of hands-on experience in 7x24 production support on network, infrastructure, and application environments, with a minimum of 5+ years in the security arena and 3+ years in managing security functions. Experience with Infrastructure and Application security project delivery. Working experience in MNC or retail industry is preferred. Technical knowledge of current security technologies and security standards of networking, telephony, virtualization, DBMS, Active Directory, Internet, collaboration tools, and operating systems. Solid experience with network security, systems security, data security, and application security management. Solid security knowledge of network protocols such as TCP/IP, HTTP, NTP, SNMP. In-depth understanding of cryptography and solid experience with encryption tools. Solid experience in administering security appliances including ASA Firewall, Forcepoint, Cloudi-fi (Zscaler), etc. Solid security knowledge of core client technologies, including Microsoft Windows. Security knowledge working with cloud computing; preferably AWS, Azure. Solid understanding of security infrastructure technology and an interest in following trends in security technology evolutions. Holistic view of system security operations and interfacing with other infrastructure and application teams. Organized, self-motivated, enthusiastic, and proven rapid learning capability. Good spoken and written English skills, with business-level Mandarin as a plus. Professional presentation capabilities both on paper and verbally. Proven multi-tasking skills and a desire to resolve problems with a positive ‘can-do’ attitude. Innovative problem-solving, design, and testing skills with a passion to deliver. Confidence and flexibility to often work under significant pressure to deliver effective and high-quality solutions and designs.
#J-18808-Ljbffr