IT Security Officer

Responsibilities:

• Support the implementation, maintenance, and continual improvement of the Information Security Management System (ISMS) in alignment with ISO/IEC 27001 requirements.
• Ensure governance, compliance, and documentation practices are maintained to support internal and external audits.
• Update and enforce information security policies, standards, and procedures.
• Assist in preparing audit evidence, support audit process, and maintain risk and incident registers.
• Conduct vulnerability assessments and manage remediation activities to mitigate identified risks and vulnerabilities.
• Maintain change management records and ensure approvals or test records are established in accordance with change management procedures for audits.
• Conduct regular reviews of logs, ensuring abnormalities are investigated and retention periods meets internal standards.
• Escalate identified anomalies or potential threats to responsible stakeholders, providing relevant evidence.
• Maintain accurate asset and configuration inventories and provide oversight and reporting for compliance checks.
• Support awareness training programs to promote compliance with information security policies and controls.

Requirements:

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related discipline (or equivalent experience).
• Knowledge of information security standards and best practices (ISO/IEC 27001, SOC Type II and MLPS (等保) 2.0 preferred).
• 1 to 2 years experience in IT security governance, risk management, or compliance roles.
• Knowledge in cloud platforms (Amazon Web Services, AliCloud, or other IaaS cloud service providers)
• Strong communication skills with the ability to document processes and present audit evidence.
• Analytical mindset and attention to detail with a commitment to continuous improvement.