IT Engineer, Staff (Taipei)(3070815)

【本職缺優先審核至高通官網投遞人選】請至高通官網上傳英文履歷表：https://qualcomm.wd12.myworkdayjobs.com/External/job/Taipei-TWN/IT-Engineer–Staff_3070815 【Talents who apply job through Qualcomm Career Website will be reviewed and considered as top priority】 https://qualcomm.wd12.myworkdayjobs.com/External/job/Taipei-TWN/IT-Engineer--Staff_3070815 【General Summary】 The Information Security & Risk Management organization is looking for a strong team player with industry experience in cyber security risk management, assessments, and audit compliance. The role will play a key part in the supply chain security assurance through onsite and remote assessments as well as performing internal security reviews. 【Responsibilities】 ．Maintains security by monitoring and ensuring compliance to security and contractual obligations of suppliers ．Enhancing the supply chain security program through alignment with risk management frameworks ．Prepares system security reports by collecting, analyzing, and summarizing risk trends ．Must be familiar with gathering system requirements, performing independent analysis and taking actions to execute on a plan. 【The ideal candidate】 ．Will have in-depth experience in an audit function, including standardized audit methodologies such as those associated with SOX, ISO 27001, or as dictated by the Certified Information Systems Auditor (CISA) methodologies ．Background and experience with performing general security assessments and reviews ．Will have a professional demeanor and have experience presenting to executive leadership, customers, and partners ．Will have a demonstrable track record for leveraging standard risk assessment frameworks and standardized methodologies for assessing third parties who are critical to the company product supply chain ．Exceptional communications skills desired ．Will have a track record of flexibility and versatility to adapt to the ever-changing threat environment and business drivers that influence the projects and priorities of ISRM ．Can manage complex programs or projects on a global scale with little to no direction. ．Drive propagation of security improvements through engineering and enterprise environments, including hands-on technical work as needed. 【Skills/Experience】 ．Experience in performing security audits against key suppliers and third parties Performed risk assessments and security architecture reviews ．Help drive security actions to closure on key projects and programs ．Excellent cross functional relationship building skills ．Five years of hands-on information security experience in a large-sized enterprise IT environment with thorough understanding of risk assessment and audit standards such as ISO 27001, COBIT, and NIST Cybersecurity Framework ．Support other information security and risk management activities, goals and objectives as requested. 【Other preferred skills include】 ．Desired Certifications: CISSP, CISM, CISA, CRISC ．Experience in understanding regional regulations such as the China Cyber Security Law ．Ability to document, enhance, and create compliance metrics and Key Performance Indicators