「資訊安全專案經理(Project Manager)-台北」的相似工作

主要工作內容 1. 協銷產品線: HPE, NetApp, DellEMC, Veritas, Veeam & VMware等國際一線品牌產品。 2. 對客戶提供 產品/方案介紹、案例分享 3. 訪談客戶需求並規劃解決方案與服務內容 4. 簡報規劃內容與服務項目 5. 規劃專案功能架構驗證測試計畫(POC Plan) 6.與業務團隊一起達成業績目標 上班地點:台北或新竹皆可

1. 負責SAP S/4HANA FI/CO 模組維護、IMG參數設定、客製開發及優化。 2. 日常使用者問題諮詢與解決 3. 使用者需求訪談、系統分析與規格書撰寫 4. 專案執行 5. 其他主管交辦事項 -------------- 其他條件 1.至少3年以上SAP ABAP 程式開發/維運經驗 2.至少3年以上FI或CO模組經驗，有FI或CO模組導入與顧問經驗者佳 3.具會計背景或SAP其他模組相關經驗者佳

1. 檢查並協助客戶通過各項網路安全認證 2. 協助客戶整合各項標準(見下方：其他條件說明)，取得證照為佳 3. 國際網路功能趨勢與標準宣導 4. 檢驗前後測分析 5. 客戶提問解答 此職務到職後，前期將會由Mentor帶領，從時程安排、了解客戶需求，到陪同客戶端服務，Mentorship後會接受各項專業規範培訓。

1.Server ／NAS軟硬體安裝設定、維護，熟悉叢集虛擬機者佳 2.網路設備安裝設定、維護，熟悉防火牆、VPN者佳 3.資訊設備資產管理 4.OA軟、硬體安裝維護與故障排除 5.其他主管交辦事項

熟悉網路設備設定 (Cisco、Juniper) 及裝機、熟悉防火牆 ( Paloalto、Fortinet)、AP (Aruba、Avaya) 設定及相關作業系統整合，具備 CCNA 以上證照為佳。

About the role: As a Senior GRC Officer, you will play a critical role in strengthening the organization’s cybersecurity governance and supporting the broader Governance, Risk & Compliance (GRC) program. Partnering with IT, HR, and business teams, you will drive initiatives that enhance security awareness and reinforce compliance across the group. You will collaborate with internal stakeholders and translate complex security concepts into clear, actionable guidance aligned with leading frameworks, including: - ISO/IEC 27001 - NIST Cybersecurity Framework (CSF) & SP 800 series - PCI-DSS (身為資訊安全風險資深管理師，您將在強化本組織的資安治理及推動更廣泛的治理、風險與合規（GRC）計劃中發揮關鍵作用。您將與 IT、HR 及業務團隊合作，推動提升資安意識及強化集團合規的各項行動。同時，您將與內部利害關係人合作，將複雜的資安概念轉化為清晰且可執行的指引，並確保與主要框架保持一致，包括：ISO/IEC 27001, NIST 網路安全框架(CSF)與 SP 800 系列及PCI-DSS)) What this job involves: [Assess & Benchmark]: 1. Perform cyber-risk and control-maturity assessments using frameworks such as NIST CSF, ISO 27001, Essential Eight, and proprietary models. (依據 NIST CSF、ISO 27001、Essential Eight 及內部專有模型，執行資安風險與控制成熟度評估) 2. Translate technical findings into executive-level insights and actionable roadmaps. (將技術發現轉化為高階管理層能理解的見解與可行的行動計劃) [Programme Design & Delivery]: 1. Design and implement cyber-risk programs, including risk registers, treatment plans, and dashboards. (設計並導入資安風險計劃，包括風險登錄表、處理計劃與儀表板) 2. Develop policies, standards, and procedures that ensure compliance and are practical for engineers to adopt. (制定符合合規要求且工程團隊能實際落實的政策、標準與程序) [Governance & Compliance]: 1. Own the GRC framework and policy suite; embed the “three lines of defence” model. (主導 GRC 框架與政策體系；落實「三道防線」模型) 2. Guide stakeholders through audits and regulatory reviews (e.g., APRA CPS 234, SOC 2). (引導利害關係人通過稽核與法規審查（如 APRA CPS 234、SOC 2)) 3. Monitor regulatory changes and advise the business on impacts within 30 days. (監控法規變化，並於 30 日內向業務部門提供影響評估與建議) [Strategic Advisory]: 1. Develop rolling multi-year cybersecurity and risk strategies aligned with corporate OKRs. (制定與公司 OKRs 相符的多年度資安與風險策略) 2. Present risk posture, KPI/KRI trends, and investment options to boards and regulators. (向董事會及監管機構呈報風險現況、KPI/KRI 趨勢及投資選項) [Leadership & Coaching]: 1. Mentor junior GRC analysts and upskill cross-functional teams on secure-by-design and offensive-security practices. (指導初階 GRC 分析師，並提升跨部門團隊在安全設計及攻擊性安全實務上的能力) 2. Foster a culture of continuous improvement and measurable risk reduction. (培養持續改進與可衡量風險降低的文化)

1. 協助公司維護ISMS資安管理制度並持續改善 2. 輔導客戶建立與維護ISMS資安管理制度/PIMS個資管理制度 3. 提供客戶ISMS資安管理制度/PIMS個資管理制度相關教育訓練 4. 了解國內外資安法令法規要求，協助客戶規劃資安合規活動 5. 客戶問題反應處理 6. 進行資安風險評估並提出改善建議 7. 培訓及指導員工提升資安意識，增強整體安全防護 8. 其它主管交辦事項

我們正在尋找一位資安分析師，負責 EDR 事件調查與分析，評估攻擊來源與影響範圍，並協助提升企業防禦能力。 如果你對威脅分析充滿熱情，擁有駭客思維，且具備技術探究精神，歡迎加入我們的團隊！ 必要條件 ✅ EDR/XDR/SIEM 經驗：至少 2 年 ✅ 熟悉國際主流 EDR：CrowdStrike、Microsoft Defender for Endpoint、Palo Alto Cortex、SentinelOne ✅ 事件分析能力：能獨立調查 EDR 事件，判斷攻擊來源與影響範圍 ✅ 攻擊與防禦知識：理解惡意軟體、攻擊技術及對應的檢測方法 ✅ 資安與網路分析：具備基本資安知識，能分析日誌與網路封包，並具備邏輯推理能力 ✅ 解決問題能力：能獨立分析問題並在快節奏環境下快速應對 ✅ 溝通與協作能力：能清楚表達分析結果，與不同層級人員合作 ✅ 技術熱忱：對新技術保持好奇心與學習動力 加分條件（優先考慮） ⭐ 熟悉 Threat Hunting⭐ 熟悉 Windows / Linux 端點行為分析⭐ 具備 Python 經驗⭐ 持有資安相關證照

1.有 Windows、Linux平台程式開發經驗，如 Microsoft Visual / Java / C++ / Python尤佳。 2.協助建置和部署資訊基礎架構(infrastructure)，包括虛擬機、容器、網路結構、資料庫.等，同時考量效能需求與安全標準。 3.有 Kubernetes、設計並優化CI/CD流程，提供給雲端開發使用經驗（有操作 K8S 經驗及CKA 認證尤佳）。 4.能協助客戶Vault產品建置及設定及系統維運服務，並協助解決相關的技術問題，進行故障排除和緊急應對及協助使用 Vault 管理和保護敏感數據、密碼和訪問權限。 5.熟悉 API Gateway、Cluster、Load balancing、網路、存儲、資訊安全架構經驗。 6.專案文件與技術文件的撰寫，如安裝文件、教育訓練、客戶要求等專案文件或公司內部技術文件。 7.其他主管交辦事項。 【加分條件】 1.熟悉 IoC工具 (Ansigle, Terraform, Pulumi)。 2.前後端開發測試經驗 (Nodejs, Python, Golang)。 3.會使用 git/gitlab等原始程式碼管理工具，能基於原始程式碼管理工具搭建自動化部署方案。 4.分散式系統、API Gateway、微服務工作經驗。 5.有雲端或地端的服務維運、基礎設施建置經驗。 6.有資安相關經驗。 7.系統性思考及問題解決能力。

【About the role】 Hytech is seeking a forward-thinking Manager of Software Security Architecture to lead the strategy, development, and execution of a world-class application security program. This highly technical leadership role will define the vision for embedding security throughout the software development lifecycle (SDLC), including modern AI and machine learning platforms. The ideal candidate will have deep expertise in secure software development, application security engineering, CI/CD automation, and integrating security into traditional, cloud-native, and AI-enabled environments. You will lead a global team of security engineers, build scalable developer-focused security solutions, and shape security strategies across engineering, infrastructure, DevOps, and data science teams. What this job involves: [Program Ownership & Strategy]: 1. Own and advance the enterprise application security program, including vision, technical strategy, and execution. 2. Define and implement scalable, modern AppSec practices for cloud-native and AI-enabled development. 3. Represent application security in enterprise architecture, risk, and compliance initiatives. 4. Define KPIs to measure security posture and program effectiveness. [Leadership & Collaboration]: 1. Lead, mentor, and grow a global team of application security engineers and specialists. 2. Promote a proactive “shift-left” culture by embedding security throughout the SDLC. 3. Partner with development, DevOps, AI/ML, and product teams to integrate secure practices into software and data science workflows. 4. Build strong cross-functional relationships to drive security-first thinking and align investments with business value. [Security Tooling & Technical Implementation]: 1. Drive adoption and optimization of security tools (SAST, DAST, SCA, IAST, secrets scanning, etc.) in CI/CD workflows. 2. Design and deploy developer-friendly tools for threat modeling, code scanning, secrets detection, and dependency analysis. 3. Implement internal secure-by-default frameworks and reference architectures. [AI/ML Security]: 1. Collaborate with AI/ML teams to implement secure design patterns for model development, training pipelines, and service deployment. 2. Develop and enforce security controls for AI applications, including data integrity, robustness, governance, and prompt injection prevention. 3. Evaluate and integrate emerging tools for securing ML pipelines, generative AI models, and AI APIs. [Security Enablement, Education & Documentation]: 1. Build scalable security enablement programs, including secure coding workshops, bootcamps, and self-service resources/platforms. 2. Develop and maintain internal security documentation, policies, and standards. [Research & Continuous Improvement]: 1. Stay current on application security threats, AI security research, and best practices in cloud and software engineering.

(1) SAP系統MM系統之相關需求分析、規劃、維護及維運；需具SAP ERP 5 年以上經驗。 (2) SAP MM模組相關程式與文件版本控管；系統操作, 使用手冊之維護與教育訓練。 (3) 擅長系統規劃與開發/資訊流程與邏輯分析/Trouble Shooting /企業內流程分析與優化改善。 (4) 需熟悉SAP ABAP開發、維護(須有開發或維護 ALV、Enhancement、Smartforms、RFC 經驗) 。 (5) 有SAP 與其他系統整合開發經驗為佳。 (6) 須具備英語溝通能力。

工作內容 1. 建構公司產品所需 3-Tier 系統環境架構及安裝公司產品 2. Server 定期維護、報修問題到場處理 3. Server OS 層級弱點掃描、漏洞修補 [基本技能] 1. 基礎網路概念 (TCP/IP、UDP、DNS、Switch、Firewall、Load Balance) 2. Linux 系統建置管理 (RHEL 6.x, CentOS 6.x, Ubuntu LTS 16.04 以上) 3. Windows 系統建置管理 (Windows Server 2012R2 以上) 4. VMWare vSphere Esxi Server 系統基本操作管理

1. 參與產品技術方案設計·並能架構良好的開發流程與規範。 2. 優化並提升開發團隊的技術與產能。 3. 開發人員任用與培育等相關事務。 4. 協助專案負責人評估與分析產品求與技術解決方案。

1.執行公司資訊安全工作，維護農漁會網路資訊安全，產出相關監控報表、配合外部法令修改，ISO 27001、27701 業務推動與維護，配合外部稽核活動。 2.負責資訊環境與網路系統的相關安全工作，包括防火牆、防毒軟體、資安設備維護、網路日誌分析、程式弱點掃描、壓力測試等工作的執行 3.系統安全性評估：負責評估資訊環境和網路系統的安全性，識別潛在的風險和弱點。 4.長官交辦事項。 其他說明： 1.筆試(資訊安全相關)：資格條件符合者，個別於104通知應試。 2.口試：筆試合格者，個別於104通知應試。

CloudMile 是一支年輕的創業團隊，也是亞洲領先的企業級人工智能，雲和安全技術解決方案提供商，為 Google 第一個獲得北亞基礎設施和機器學習專業知識的首要合作夥伴，歡迎渴望國際級舞台的你加入我們的行列！ 我們正在尋找一位主動積極且具備經驗的 SOC 經理，來領導我們的資安營運團隊。您將負責管理日常的 SOC 活動、推動事件回應流程，並在我們的 MSSP 環境中建立高效能的資安文化。 【工作內容】 ◎ 領導並指導資安營運團隊，提供專業指導與績效回饋 ◎ 監督資安監控、事件回應與升級處理流程 ◎ 持續優化偵測規則、回應手冊及 SOC 作業流程 ◎ 協調重大事件處理，確保符合服務層級協議 (SLA) ◎ 與內部團隊及外部合作夥伴協作，提升威脅偵測與應變能力 ◎ 支援 MSSP 客戶的導入流程，並參與客戶檢討會議 ◎ 持續關注新興威脅及資安最佳實務 【具備條件】 ◎ 資訊、網路安全或相關領域的學士學位 ◎ 3 年以上資安營運相關經驗，包含至少 1 年以上的管理經驗 ◎ 熟悉並實際操作過 SIEM/SOAR 工具，如 Splunk、Arcsight或QRadar ◎ 對雲端平台（如 GCP、AWS）有濃厚興趣，並熟悉現代資安與服務框架，如 MITRE ATT&CK、ISO 27001、ISO 20000 ◎ 具備良好的溝通、協調與問題解決能力 【加分條件】 ◎ 流利的英文能力；具備 CISSP、CISM 或 EC-Council CEH 等認證者尤佳

We are seeking a highly skilled and experienced Cybersecurity Project Supervisor to lead and oversee our cybersecurity compliance and improvement projects. The successful candidate will be responsible for planning and maintaining cybersecurity assurance, conducting audits, monitoring systems to prevent potential security risks, and managing and tracking cybersecurity incidents, events, and vulnerabilities. This role requires strong project management skills and the ability to work collaboratively with cross-functional teams to ensure the highest levels of cybersecurity across the organization. Key Responsibilities: 1. Cybersecurity Compliance: - Develop and implement comprehensive cybersecurity policies and procedures. - Conduct regular cybersecurity compliance audits to ensure adherence to industry standards and regulatory requirements (e.g., ISO 27001, NIST, GDPR). - Document findings from audits, prepare detailed reports, and recommend corrective actions. - Monitor compliance with cybersecurity policies and procedures to prevent potential security breaches. - Provide training and awareness programs to employees on cybersecurity compliance requirements. 2. Cybersecurity Enhancement and Improvement: - Plan and execute cybersecurity enhancement and improvement projects. - Conduct risk assessments to identify potential security risks and vulnerabilities. - Develop and implement plans to mitigate identified risks and vulnerabilities. - Stay current with the latest cybersecurity trends, threats, and technologies to continuously improve cybersecurity measures. 3. Cybersecurity Assurance: - Plan and maintain cybersecurity assurance activities, including auditing and monitoring. - Evaluate the effectiveness of existing security controls and identify areas for improvement. - Perform regular security assessments and penetration tests to identify weaknesses and vulnerabilities. - Ensure that cybersecurity measures comply with legal and regulatory requirements. 4. Incident Management: - Manage and track cybersecurity incidents and events, ensuring timely resolution. - Develop and implement incident response plans to address and mitigate cybersecurity incidents. - Maintain detailed records of cybersecurity incidents and breaches, including root cause analysis and lessons learned. - Coordinate with external cybersecurity experts and organizations as needed to respond to and resolve incidents. 5. Project Management: - Develop detailed project plans that outline the scope, objectives, timelines, and resource allocation for cybersecurity projects. - Allocate and manage resources effectively to ensure the successful completion of cybersecurity projects. - Communicate regularly with stakeholders, including senior management, to provide updates on project status and any security issues. - Provide security awareness training to project team members to ensure they understand and adhere to cybersecurity best practices.

1. 協助客戶處理資訊安全問題 2. 資安事件分析及報告 3. 提供客戶諮詢與解決方案

1. 定義、確認專案範圍與需求 2. 製作專案所需文件（服務建議書、評選簡報、工作說明書等） 3. 規劃與執行專案作業 4. 調度資源執行安裝與建置 5. 溝通、聯繫專案執行作業細節 6. 控制專案品質、成本及資源 7. 履約與驗收

What this job involves: [Cloud Security Architecture & Best Practices]: 1. Embed security best practices within the cloud environment, ensuring that security checks are automated and integrated at every stage of the software development lifecycle. (在雲端環境中導入安全最佳實務，確保安全檢查自動化並整合於軟體開發生命週期的每個階段) 2. Design and implement automated security detection/prevention measures and reports to identify and mitigate risks in the cloud environment. (設計並實施自動化的安全偵測與防護措施及報告，以識別並降低雲端環境中的風險) 3. Continuously evaluate and improve security practices within the DevOps environment, staying up to date with the latest security trends, tools, and techniques. (持續評估與優化 DevOps 環境中的安全實務，並主動瞭解最新的安全趨勢、工具與技術) [Security Operations & Monitoring]: 1. Monitoring and Logging: Implement and maintain security monitoring, logging, and alerting tools to detect and respond to security incidents in real-time. (監控與日誌：導入並維護安全監控、日誌與警示工具，以即時偵測並回應安全事件) 2. Perform threat modeling, risk assessments, and vulnerability analysis to proactively identify and address potential security threats. (執行威脅建模、風險評估與弱點分析，主動識別並處理潛在的安全威脅) 3. Develop and maintain incident response plans and collaborate with relevant teams to respond to and mitigate security incidents. (制定並維護事件應變計畫，並與相關團隊合作，以回應並減輕安全事件的影響) [Compliance & Risk Management]: 1. Ensure compliance with industry standards and regulations (e.g., GDPR, HIPAA, PCI-DSS) by integrating relevant security controls and conducting regular audits. (透過整合相關安全控管與定期稽核，確保符合產業標準與法規（如 GDPR、HIPAA、PCI-DSS等)) 2. Maintain clear and comprehensive documentation of security policies, procedures, and configurations. (維護清晰且完整的安全政策、程序與設定文件) [Cross-Functional Collaboration & Culture Building]: 1. Work closely with development, IT operations, and security teams to create a culture of security awareness and shared responsibility. (與開發、IT 運維及安全團隊緊密合作，建立安全意識與共同責任的文化)

1.定期撰寫並提交資安分析報告，協助單位掌握資安狀況與風險評估。 2.依專案需求，配合執行不定期資安相關任務。 3.協助處理各類資安事件，包括問題研析、改善建議與後續追蹤。 4.提供資安政策、作業規範及防護措施的技術支援與建議。 5.須配合駐派固定北市國安單位，每週僅需兩天出勤時間。