Senior Security & Compliance Specialist
Work experience: Minimum 5 Years
Employment type: Full Time
Industry: Hospitality / Hotel Services
Information Technology > IT Project Management
Information Technology > Security / Audit
Information Technology > System Architect
The Senior Security & Compliance Specialist provides consultancy to IT teams and IT management in compliance programs, including Sarbanes Oxley (SOX), Payment Card Industry Data Security Standards (PCI DSS), internal control requirements, relevant corporate standards, rules and regulations.
- Design, implement and maintain IT compliance self-assessment, remediation monitoring, and reporting activities toward continuous improvement. Identify IT risks and opportunities for improvement.
- Coordinate internal and external audit work over IT operations and processes; liaise with IT teams in gathering documents and testing related IT controls during audit reviews
- Follow up with IT teams on any non-compliance issues and coordinate plans for remediation/mitigation of risks and exposure; review remediation results
- Provide consultancy in defining the improvement plans and procedures for enforcement and compliance of corporate policies and standards
- Work closely with Corporate and Segment in the US on compliance-related activities, and interact with different teams within the department to agree on practical solutions and processes
- Bachelor’s degree or equivalent
- Minimum of 5 years in IT auditing or consultancy, preferably in a Big-4 or a multinational firm
- Good knowledge of IT governance, risk management and control evaluation over IT processes, infrastructure, operations and systems development, as well as application change management and resolution
- Solid experience in IT compliance for Sarbanes Oxley legislation, SSAE16, ISO27001, etc.
- Experience in the use of industry best practices, e.g. COBIT, ITIL, is an added advantage
- Proven Chinese and English language proficiency, both written and oral
- Holder of Certified Information Systems Security Professional (CISSP) or Certified Information Systems Auditor (CISA) certification is preferred