Overview
Senior Manager of Information Security, Greater China Jobs in Shanghai, China at Accor
Title: Senior Manager of Information Security, Greater China
Company: Accor
Location: Shanghai, China
Information Security team is the IT security representative in one of Accor regional hubs. Senior Manager of Information Security will be physically working at the HUB head office, working closely with both local teams and experts from the corporate security team to support the business while managing risks at a global level. (Senior)Director of Information Security will be the single point of contact for security related questions in the hub, coordinating with global experts when needed.
Primary Responsibilities
·Governance:distribute group security policies, adapt to local needs and suggest improvements of group level rules. You will ensure local teams’ awareness and enforce policies application in local projects.
·Reporting:you will provide regular security KPIs on risks, patching level, incidents and exceptions.
·Budget:you will be in charge of capacity management and security licenses / hardware renewal needs for the regions, helping the corporate team to consolidate the group security budget. When local security vendors exist, you will own the relationship.
·Security systems:you will coordinate network security by facilitating and following security technologies deployment (such as firewalls, endpoint security, etc.) and helping other IT teams to use them properly, such as teaching them how to build their flows matrix. You will also lead projects to bring back local specificities to group standard. You will also be responsible for L2 support regarding security technologies, handling escalation to the corporate team for L3 when necessary. Finally, you will be in charge of regular rules review at the regional level.
·Security follow-up:you will make sure regional IT and business teams understand their security responsibilities such as identity management, patching, incident response, system hardening, cloud security, compliance, etc. and help them following the group methodology. You will implement appropriate control procedures to detect and fix deviance from the group standards.
·Projects:you will be responsible for specific projects, either for local needs as a regional brand integration for example, or to launch security initiatives as a pilot region
Knowledge and Experience
· B.S. – M.S. in Computer Science
· 5-10 years’ experience in IT Security
· ITIL Foundation or higher
· PCI-DSS experience
· OWASP Top 10
· Experience in hotel industry
· Checkpoint and Forcepoint firewalls
· Microsoft environment (AD, Office365, SCCM, etc.)
· Cloud security (AWS and Azure)
· Qualys vulnerability scans, Splunk and other security tools (i.e., Trend Micro Antivirus, McAfee proxies, Pulse Secure, Bomgar, FireEye, Checkmarx, ALSID, CyberArk)
Competencies
· The job requires a mix of technical and information security management skills.
· A very good understanding of technical security systems and the ability to do advanced troubleshooting is key, as the first risk for hotels is the unavailability of their IT systems.
· You are also a good business partner, facilitating the business while not letting risks unmanaged. We are not looking for a “paper based” security approach neither for a compliance driven security such as ISO27001, but for a pragmatic approach adapted to the nature of the hospitality industry.
· You are a good influencer, and someone the corporate team can trust, to make sure you can have the necessary autonomy while …
