IT Manager - Operation Security (Luxury Retail, Regional)

IT Manager - Operation Security (Luxury Retail, Regional) Client Description Global luxury retail corporation Job Description

1. The Security Manager will manage daily security operation and project activities complying with industrial security standards including server, network, mobile technology, and develop baseline security standards with audit logging and monitoring measures.
2. The role should demonstrate professional security operation capability and act as subject matter expert, maintaining level-3 operation knowledge including documentation, consistency, and standards in Chanel.
3. This role should assist country Service Delivery Managers, regional operation and infrastructure teams, and CISO on daily operation support and lifecycle project management, assuming end-to-end responsibility over security solutions including requirements gathering, solution strategy and roadmap, solution selection, vendor selection, implementation, maintenance, and support.
4. This role acts as a partner/advisor to internal IT and business functions with relevant solutions fulfilling business, budgetary, and technical requirements to meet current and future needs. Effective and efficient communication skills are essential to deliver these challenging initiatives and manage activities across IT teams within the APAC region.
5. Network components security configuration - Proactive review and conduct necessary configuration changes and patching on network components (e.g., Router, Switch, WIFI, etc.) to address vulnerabilities.
6. Server components security configuration - Proactive review and conduct necessary configuration changes and patching on server components (Windows server, workstation, UNIX, SAN, content filtering system, etc.) to address vulnerabilities.
7. Anti-Virus and endpoint protection configuration - Manage Anti-virus and endpoint protection configuration.
8. Vulnerability Scanning and Penetration Test - Conduct vulnerability scanning and internal penetration tests on systems/applications per request.
9. Incident Response to cybersecurity incidents - Proactively detect and follow up on incident responses to cybersecurity incidents.
10. Operation Security Status Reporting - Provide regular operation security status reports at regional and country levels.
11. Project Delivery - Assist the delivery of cybersecurity projects including Network/System/Application layers.
12. Audit - Respond to auditor's requests for security information in internal and external audits.
13. Security Governance Management - Establish and maintain governance and communications within IT to reflect security agendas.
14. Work closely with market and regional IT teams to ensure individual security requests and concerns are fully addressed.
15. Responsible for security incident reviews, where the security manager provides consultancy and decisions on behalf of the regional IT.
16. Provide financial management support relative to SLA and OLA commitments, including budget planning and optimization, adapted to financial needs.
17. Vendor Management - Conduct periodic performance and KPI reviews with security providers based on agreed contractual terms.
18. People Management - Communicate effectively with internal business and IT teams, and make sound management decisions.
19. Coach and lead the service team to constantly challenge themselves and display professionalism.

1. Undergraduate Degrees in Engineering, Computer Science, Information Technology, or related technical field.
2. Certifications in CISSP or CISA, CCNP Security, CEH - Certified Ethical Hacker / Preferred: ITIL V3 Foundation.
3. At least 15+ years of hands-on experience in 7x24 production support on network, infrastructure, and application environments with a minimum of 5+ years in the security arena and 3+ years in managing security functions.
4. Experience with Infrastructure and Application security project delivery.
5. Working experience in MNC or retail industry is preferred.
6. Technical knowledge of current security technologies and security standards of networking, telephony, virtualization, DBMS, Active Directory, Internet, collaboration tools, and operating systems.
7. Solid experience with network security, systems security, data security, and application security management.
8. Solid security knowledge of network protocols such as TCP/IP, HTTP, NTP, SNMP.
9. In-depth understanding of cryptography and solid experience with encryption tools.
10. Solid experience in administering security appliances including ASA Firewall, Forcepoint, Cloudi-fi (Zscaler), etc.
11. Solid security knowledge of core client technologies, including Microsoft Windows.
12. Security knowledge working with cloud computing; preferably AWS, Azure.
13. Solid understanding of security infrastructure technology and an interest in following the trend of security technology evolutions.
14. Holistic view of system security operations and interfacing with other infrastructure and application teams.
15. Organized, self-motivated, enthusiastic, and proven rapid learning capability.
16. Good spoken and written English skills, with business-level Mandarin as a plus.
17. Professional presentation capabilities both on paper and verbally.
18. Proven multi-tasking skills and desire to resolve problems with a positive 'can-do' attitude.