Specialist / Senior Specialist - IT Security - Information Technology Services
Deloitte China's professionals provide a full range of audit & assurance, consulting, financial advisory, risk management and tax services. We connect with the Deloitte Global network to provide clients of any size with local experience and international expertise. As one of the leading professional services providers, we have considerable experience in this marketplace.
The Deloitte purpose is about making an impact that matters to our clients, people and society. Our extensive spectrum of services enables us to help our clients become leaders wherever they choose to compete. We are committed to investing in our people and empowering them to achieve more than they can elsewhere. Our advice is only as valuable as our actions and integrity. We believe that by strengthening our clients and society, we become stronger ourselves.
To learn more about how Deloitte makes an impact that matters in China, connect with the Deloitte China social media platforms at www2.deloitte.com/cn/en/social-media.
Work you'll do:
- Provide advisory support to business stakeholders and various application development teams on properly managing IT security risk throughout the software development life cycle in compliance with the Technology Operating Model
- Work closely with the project team on various security checkpoints in defining security requirements, security controls design, security testing and quality assurance checks according to globally-defined standards and policies
- Co-ordinate with business functions in conducting security risk assessment, application architecture review, security requirements identification and controls verification processes
- Perform vulnerability scanning on applications, work with developers to resolve security-related issues, and provide consultancy on coding best practices and mitigations prior to production release
- Participate in building a culture of secure SDLC and raise developers' awareness of programming practices according to the secure coding requirements and guidelines
- Contribute to ensuring compliance with corporate information security policies, standards and practices, and liaise with relevant stakeholders, including contractors and vendors
- Assist in managing the application security framework and drive other information security initiatives.
- Perform other related duties as assigned.
- 3-5 years' experience in managing application security risk from the development to the production stage, with knowledge of secure coding practices and common threat vectors such as the OWASP Top 10.
- Degree holder in Computer Science, Information System or related discipline
- CISSP, CSSLP, CEH, GWAPT or equivalent security-related qualifications.
- Excellent knowledge of the SDLC with a sound application development background would be preferable
- Exposure to cloud platforms and cloud security industry best practices would be a plus
- Working knowledge of vulnerability testing tools and methodologies.
- Strong self-motivation, a proactive attitude, and good communication and analytical skills.
- Good people skills to work with business users and technical teams, and the ability to work independently with less supervision and under pressure
- Good command of both spoken and written Chinese (including Mandarin) and English.
Deloitte China refers to Deloitte Touche Tohmatsu in Hong Kong, Deloitte Touche Tohmatsu in Macau, Deloitte Touche Tohmatsu Certified Public Accountants LLP in the Chinese Mainland and their respective affiliates practising in Hong Kong, Macau and the Chinese Mainland.
Requisition code: CN169867