Objectives of this Role

• Guard all company data, particularly sensitive information, from both internal and external threats by designing broad defenses against would-be intruders

• Take the lead in day-to-day monitoring for unusual activities, implement defensive protocols, and report incidents

• Collaborate with other members to develop new protocols, layers of protection, and other proactive and defensive systems for remaining ahead of cyber criminals

• Maintain documentation of security guidelines, procedures, standards, and controls

• Maintain knowledge of current cybercrime tactics

Responsibilities:

• Collect data on current security measures for risk analysis, and write systems status reports regularly

• Monitor constantly for attacks and run appropriate defensive protocols if a breach occurs

• Conduct testing to identify vulnerabilities, and collaborate with the cybersecurity team to update defensive protocols when necessary

• Configure antivirus systems, firewalls, data centers, and software updates with a security-first mindset

• Grant credentials to authorized users, monitor access-related activities, and check for unregistered information changes

• Help lead employee training to prevent phishing and other forms of cyberattacks

Skills and qualifications:

● Knowledge of security frameworks: strong understanding of security frameworks such as ISO 27001, NIST, and CIS.

● Risk management skills: identify and assess risks, and develop risk management plans to mitigate them.

● Technical skills: a solid understanding of networking, operating systems, databases, and security technologies such as firewalls, intrusion detection/prevention systems, and antivirus software.

● Incident response skills: respond to security incidents effectively, including identifying the root cause, containing the incident, and restoring normal operations.

● Communication skills: communicate effectively with both technical and non-technical stakeholders, including executives, IT teams, and end-users.

● Analytical skills: analyze data and make informed decisions based on the information available.

● Business acumen: good understanding of business operations, strategies, and objectives to align security goals with the overall business goals.

● Continuous learning: willingness to continuously learn and stay up-to-date with the latest trends and technologies in the security field.

● Certifications: Certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), and Certified Information Security Manager (CISM) can demonstrate the security specialist's expertise and knowledge.

目前仍採線上面談。