System Risk Control Analyst

We are seeking a highly skilled and experienced System Risk Control Specialist to join our Information Security team. The successful candidate will be responsible for overseeing the company's overall information security planning, establishing security management system processes, designing and implementing systems, conducting security assessments, and leading efforts to identify and mitigate security vulnerabilities. This role is crucial in ensuring the integrity, confidentiality, and availability of our information systems.

• Information Security Planning and Management:
  • Develop and maintain comprehensive information security strategies and policies.
  • Establish and oversee security management system processes to ensure robust protection of company data.
  • Design and implement effective security systems to safeguard information assets.
• Security Assessments and Solutions Implementation:
  • Conduct thorough security assessments on systems, networks, and servers.
  • Collaborate with relevant teams to implement recommended security solutions and track progress.
  • Promote the execution of security measures and ensure compliance with industry standards.
• Vulnerability Management:
  • Monitor industry trends for security vulnerabilities and patch information.
  • Assess risks associated with identified vulnerabilities and submit detailed risk reports.
  • Proactively address and mitigate risks related to security facilities.
• Penetration Testing and Incident Response:
  • Perform penetration testing and identify potential system intrusions.
  • Develop and manage alarms and trace analysis protocols.
  • Implement measures to prevent and respond to security breaches.
• Team Leadership and Development:
  • Lead the information security team, including personnel planning and guidance.
  • Provide training and development opportunities to enhance team capabilities.
  • Improve and maintain the team’s document knowledge reserves.

• System security, computer application related major, more than 3 years of system security experience.
• Familiar with Linux, Windows operating systems, web application servers and other related security policies and procedures.
• Familiar with mainstream security tools and technologies, IDS/IPS, etc., and have practical experience in policy formulation and incident handling.
• Familiar with web security attack and defense, system penetration testing.
• Have a strong interest in vulnerability discovery and be familiar with common web vulnerability principles such as SQL injection, XSS, etc.
• Proven expertise in security assessment, vulnerability management, and penetration testing.
• Have strong language skills in Chinese/English.