Location
Beijing
Scope
Oracle's Global Information Security (GIS) Team is the focal point for matters relating to Information Security. GIS is ultimately responsible for preventing, detecting, investigating, educating and recovering from threats to Oracle information or information systems. The group works with all LOBs and management globally to define and deliver overall security direction. They also ensure audit practices are in place that comply with regulatory requirements and the overall protection of tangible and intangible assets, intellectual property and personal data.
Ensure compliance with the Corporate Security Policy strategies in China .
General Description and Position Goals
The Manager, Information Security, reports to the Manager, Information Security - China . He/She is accountable for ensuring that proper safeguards are in place to effectively manage the information security requirements of the China offices, particularly the China Development Centers. He/She will work and coordinate with other LOB professionals, e.g. Data Protection, Physical Security, GIT Security, Legal, HR, Development, Presales, Public Policy to define and deliver overall security policy and will ensure best information security practices are in place for customer operations and/or partners that may physically reside, or have some form of operations that are hosted at the facilities. He/she will also be expected to support regional management with regards to any security issues and to contribute to the Global Information Security Group's objectives.
Responsibilities/Tasks
• Identify any weaknesses within Oracle's existing security practice within China and define an action plan to address the defined weaknesses.
• Perform planned and ad-hoc security reviews to ensure compliance with existing policies.
• Advise management on risks and security best practice.
• Identify and establish compliance with any regional regulatory requirements.
• Implement Security Awareness Programs, liaising with GIS, to China employees in order to raise consciousness about information security and intellectual property.
• Review existing Security Policies and develop new ones specific to the region.
• Perform security investigation within China on all information issues and assets (e.g. cybercrimes), non-compliance, or policy violation in support of Legal/HR and in coordination with the Global Information Security group.
• Perform special security projects on an ad hoc basis in support of the Global Information Security group.
• Ensure the network is free form any rouge servers, or other unauthorised machines.
• Liaison with outside Regional agencies relating to Information Law Enforcement and Regulatory Compliance and with peer Security Managers from other corporations. Be proactive in encouraging law enforcement activities in Information crime/problem areas.
• Support and interact with LOBs with respect to security issues, particularly developer team and On-Demand.
• Provide support and local leadership for the Global Business Continuity program.
• Speak at internal and external security events/forums and be able to interface with customers in a professional manner.
Qualifications
• Fully versed in all security aspects and technical aspects (ISO17799/27001 and best practices security model). As such, he/she is mid-level security professional (3-5 years experience) with good security assessment, audit and compliance skills.
• Have the ability for independently handling security related issues, with special regard to incidents investigation business continuity/disaster recovery solutions and operations.
• Good technical grounding in various web application, operating systems and networks.
• Strong organizational, oral and written skills.
• Excellent team player.
• Self-starter, who does not need micro managing.
• Must be able to communicate with people at all levels on technical and strategic issues.
• Fluent in English with local language skills.
This description is not intended to be a complete statement of the position but rather to act as a guide to the general work to be performed.