IT Security Specialist 安全专家

Your Responsibilities：
Technical Security Advisory
• Perform security assessments and vulnerability evaluations in alignment with corporate security baselines and policies.
• Provide expert security guidance for on‑demand requests, including solution design reviews and architectural recommendations.
• Participate in IT and security projects as a subject matter expert to ensure secure implementation of systems and services.
• Operate and enhance key security services and platforms (e.g., SIEM, IAM, Vulnerability Management).
• Support the full vulnerability management lifecycle: identification, prioritization, mitigation tracking, and reporting.
• Collaborate with stakeholders to analyze security gaps and risks, contributing to the continuous maturity of the corporate IT security environment.
Governance, risk and compliance
• Support internal and external audits by preparing documentation, coordinating participants, and managing evidence.
• Monitor compliance with security policies, processes, and controls across global locations.
• Track audit findings and ensure clear ownership and remediation accountability.
• Assist in developing and maintaining security-related documentation, including controls, procedures, and reports.
• Provide training and guidance to stakeholders on security requirements and audit expectations.
• Contribute to incident management and access governance processes as required.
Additional Responsibilities
• Collaborate closely with the Information Security team to ensure alignment on audit requirements, security controls, and evidence preparation.
• Prepare, guide, and train audit participants to ensure they understand security expectations, control implementations, and documentation standards.
Your Profile:
• Bachelor’s degree in Computer Science, IT Security, Engineering, or a comparable field.
• Minimum 3–5 years of experience in cybersecurity, IT risk & compliance, audit coordination, or security operations.
• Experience working in international environments and collaborating with cross‑functional teams.
• Strong understanding of IT security principles, frameworks, and risk management practices (e.g., ISO 27001/2, NIST, NIS2).
• SIEM & EDR platforms (e.g., Splunk, Sentinel, LogRhythm)
• Vulnerability management processes and security assessment methodologies
• Incident response principles
• Cloud security (AWS, Azure, GCP) — advantage
• Excellent communication and interpersonal skills for engaging stakeholders and senior management.
• Ability to work effectively in a dynamic, global, and multicultural environment.
• Strong analytical and conceptual thinking, structured work style, and a team‑oriented mindset.