Job Description: Security Manager
The Security Manager is responsible for managing all compliance related activities within GSC and supporting other global compliance related initiatives. His / her vision should always be to enhance the GSC security framework continuously to gain customer confidence and enhance Huawei brand image. He / She should always focus end to end security requirements with respect to departments and functions in GSC.
This compliance includes both Organizational (Internal within Huawei) and legal requirements of the countries supported by GSC. Compliance activities will include coordinating internal and external assessments/audits, contributing to policy and standards updates, developing compliance policies/regulations and producing compliance reports, metrics, scorecards and dashboards. This position requires some technical background with appropriate security training/skills.

Responsibilities:

Part 1: Basic Responsibilities
Understand the legal and regulatory requirements of the countries being supported by GSC and ensure strict compliance of the same. Lead, manage and improve security compliance program for Telecom and IT.
Develop, implement and monitor a strategic, comprehensive enterprise information security and risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization.
Ensure Export Administration & Regulation (EAR) awareness and compliance of GSC
Coordinate external audits, third party penetration tests and customer assessments of Telecom and IT platform
Ensure the data security privacy of Huawei and Customer data
Provide recommendations to key projects in GSC in order to improve project results, quality of deliverables, risk optimization, security processes and compliance with regulations and auditor expectations.
Keeping operation activities comply with customer and Huawei security policy and regulation. Provide security training, consultation and troubleshooting services

Part 2: Security Operation
Review enterprise security regulation and compliance. Determine threats, identify risks and vulnerabilities to the organization; research security breaches and recommend corrective actions. Identify acceptable levels of residual risk and assist with action plans, policy and procedural changes for risk mitigation
Ensure security compliance processes, including (but not limited to) compliance charts and risk assessments, compliance plans and compliance certificates, Conduct Periodic Compliance and SACA Tests to measure the maturity of the organization against the security metrics
Conduct Cyber Security and Privacy Protection Crisis Drills and identify gaps and improvement areas with respect to Crisis management
Company-wide information security awareness promotion (Training, Risk Alerts, case investigation).

Security Incident handling and regular reports
Ensure the competency enhancement of security SPOC and security team continuously to enhance the compliance of GSC.
Conduct information technology risk assessments to identify gaps and make sound recommendations for improvement. Spearhead the IT security activities & its continuous improvement with process and tools. Drive the vulnerability management periodically for continuous improvement
Drive compliance with regulatory requirements including ISO 22k, ISO 27K& other ISO standards as per the customer’s requirement through proactive planning, communication, coordination and influence

Part 3: Supporting and Cooperation
Coordinate with stakeholders and GSC staff to assist external auditors on audits. Facilitate management response and remediation efforts.
Assist Sales teams in responding to information security questionnaires from prospects and customers.
Assist the Shared Service Operations & Development Dept in coordinating and conducting infrastructure, application, and process and site assessments to identify key security exposures and recommend improvements on premises, 3rd party hosting sites