「IT 風險與合規專家 (IT Risk & Compliance Engineer / Auditor)」的相似工作

About the role: As a Senior GRC Officer, you will play a critical role in strengthening the organization’s cybersecurity governance and supporting the broader Governance, Risk & Compliance (GRC) program. Partnering with IT, HR, and business teams, you will drive initiatives that enhance security awareness and reinforce compliance across the group. You will collaborate with internal stakeholders and translate complex security concepts into clear, actionable guidance aligned with leading frameworks, including: - ISO/IEC 27001 - NIST Cybersecurity Framework (CSF) & SP 800 series - PCI-DSS (身為資訊安全風險資深管理師，您將在強化本組織的資安治理及推動更廣泛的治理、風險與合規（GRC）計劃中發揮關鍵作用。您將與 IT、HR 及業務團隊合作，推動提升資安意識及強化集團合規的各項行動。同時，您將與內部利害關係人合作，將複雜的資安概念轉化為清晰且可執行的指引，並確保與主要框架保持一致，包括：ISO/IEC 27001, NIST 網路安全框架(CSF)與 SP 800 系列及PCI-DSS)) What this job involves: [Assess & Benchmark]: 1. Perform cyber-risk and control-maturity assessments using frameworks such as NIST CSF, ISO 27001, Essential Eight, and proprietary models. (依據 NIST CSF、ISO 27001、Essential Eight 及內部專有模型，執行資安風險與控制成熟度評估) 2. Translate technical findings into executive-level insights and actionable roadmaps. (將技術發現轉化為高階管理層能理解的見解與可行的行動計劃) [Programme Design & Delivery]: 1. Design and implement cyber-risk programs, including risk registers, treatment plans, and dashboards. (設計並導入資安風險計劃，包括風險登錄表、處理計劃與儀表板) 2. Develop policies, standards, and procedures that ensure compliance and are practical for engineers to adopt. (制定符合合規要求且工程團隊能實際落實的政策、標準與程序) [Governance & Compliance]: 1. Own the GRC framework and policy suite; embed the “three lines of defence” model. (主導 GRC 框架與政策體系；落實「三道防線」模型) 2. Guide stakeholders through audits and regulatory reviews (e.g., APRA CPS 234, SOC 2). (引導利害關係人通過稽核與法規審查（如 APRA CPS 234、SOC 2)) 3. Monitor regulatory changes and advise the business on impacts within 30 days. (監控法規變化，並於 30 日內向業務部門提供影響評估與建議) [Strategic Advisory]: 1. Develop rolling multi-year cybersecurity and risk strategies aligned with corporate OKRs. (制定與公司 OKRs 相符的多年度資安與風險策略) 2. Present risk posture, KPI/KRI trends, and investment options to boards and regulators. (向董事會及監管機構呈報風險現況、KPI/KRI 趨勢及投資選項) [Leadership & Coaching]: 1. Mentor junior GRC analysts and upskill cross-functional teams on secure-by-design and offensive-security practices. (指導初階 GRC 分析師，並提升跨部門團隊在安全設計及攻擊性安全實務上的能力) 2. Foster a culture of continuous improvement and measurable risk reduction. (培養持續改進與可衡量風險降低的文化)

Introduction to the job Do you like challenges and do you want to work in a fast pacing supply chain environment to support some of the biggest semiconductor companies worldwide? Are you familiar with Logistics Operations and like to managing urgent demands on a daily basis?  If this sounds like you and if you have a strong customer oriented mindset, here is your mission. Role and responsibilities For our Global Operations Center in Taiwan we are searching for Supply Chain Professionals. You fulfill the demand of our customers for spare parts and tools for their maintenance activities on some of the most complex machines in the right quantity and at the right time & cost. Time is of the essence to ensure a seamless production of our customers without interruptions on our machines. -Handling of urgent material requests from worldwide customers in a rolling 24/7 shift system with the right customer focus, while meeting all milestones related to communication and execution -Monitoring of worldwide shipments  -Ability to resolve complex issues and drive improvements to further optimize processes -Ability to support escalations and provide communication proposals for review -Constructive and reliable communication with worldwide stakeholders from all departments within ASML -This position requires shift work. Education and Experience Bachelor's Degree in related subject i.e. Supply Chain Management, Information Science, Engineering etc. preferred -Minimum 1 year of relevant experience in an international company, semiconductor industry is preferred -A tactical thinker with strong interpersonal and communication skills -Analytical thinking and ability to organize and prioritize workload Skills Working at the cutting edge of tech, you’ll always have new challenges and new problems to solve – and working together is the only way to do that. You won’t work in a silo. Instead, you’ll be part of a creative, dynamic work environment where you’ll collaborate with supportive colleagues.  There is always space for creative and unique points of view. You’ll have the flexibility and trust to choose how best to tackle tasks and solve problems. To thrive in this job, you’ll need the following skills: -Stress-resistant; act under high pressure -Flexible; willing to go the extra mile for the customer -Excellent professional communication in English, written and oral -Drive for results; does not stop until solution has been found, even when obstacles arise -Team player -Change management competencies -Convincing, pro-active and “can do” mentality -Cultural awareness -Experience with ERP system(s), SAP R/3 knowledge preferred -Ability to prioritize Diversity and inclusion ASML is an Equal Opportunity Employer that values and respects the importance of a diverse and inclusive workforce. It is the policy of the company to recruit, hire, train and promote persons in all job titles without regard to race, color, religion, sex, age, national origin, veteran status, disability, sexual orientation, or gender identity. We recognize that diversity and inclusion is a driving force in the success of our company. Need to know more about applying for a job at ASML? Read our frequently asked questions.

1. 資訊稽核之執行，包括AP、Infra、資安、大數據等單位 2. 協助稽核行政工作，例如擬訂年度稽核計劃、評估檢視現行作業規章、配合內外規規範之相關事宜等

Product Compliance, Security & Cybersecurity  We are seeking an experienced Security Lead with a strong background in product compliance, security, and cybersecurity to support and enhance our organization’s compliance and security initiatives. This role will focus on implementing global compliance programs (e.g., PII, GDPR, SOC 2, CSA Star Level 1), strengthening cybersecurity practices, and ensuring secure product development. The ideal candidate will possess technical expertise, project management skills, and a solid understanding of global and US-specific compliance frameworks.   *Key Responsibilities:  ◎Team and Project Support  -Assist in managing a high-performing team focused on compliance, product security, and cybersecurity initiatives.  -Collaborate with team leads to ensure timely delivery of compliance and security projects.  ◎Compliance Management  -Support product compliance efforts, adhering to global standards like GDPR, NIST CSF, SOC 2, CSA Star Level 1, and US-specific PII regulations (e.g., FTC COPPA).  -Assist in maintaining compliance with data privacy and protection frameworks, including those related to Personally Identifiable Information (PII).  -Help prepare documentation and processes for regulatory audits and certifications.  ◎Cybersecurity Implementation  -Contribute to cybersecurity initiatives, including Security Severity Modeling, Incident Response (IR) policies, and risk management.  -Assist in executing critical programs, such as Zero Touch Production, DRATA implementation, and AWS permission reviews.  -Collaborate with teams to identify and mitigate risks across the product lifecycle.  ◎Operational and Tool Management  -Support the adoption and integration of tools like JIRA, Confluence, and Drata to streamline compliance and security processes.  -Track and report operational metrics to align with compliance and security goals.  ◎Stakeholder Engagement  -Act as a liaison between compliance, product, and legal teams to support the alignment of business objectives with security initiatives.  -Provide updates on project progress, risks, and key initiatives to senior leadership.  ◎Education & Experience:  -Bachelor’s degree in Computer Science, Cybersecurity, or a related field.  -6+ years of experience in software engineering, security, or compliance roles, with at least 3+ year in a leadership a team of at least 5+ members with strong people and project management skills  ◎Technical Skills:  -Experience in product compliance and global regulatory standards (PII, GDPR, SOC 2, CSA Star Level 1, and US-specific frameworks like FTC COPPA).  -Knowledge of secure software development lifecycles (SDLC), DevSecOps, and cloud security (AWS, Azure, or GCP).  -Familiarity with cybersecurity tools, such as SAST/DAST, SIEM, and WAF.  ◎Leadership & Soft Skills:  -Proven ability to manage and inspire cross-functional teams to meet strategic goals.  -Strong decision-making skills, with the ability to balance technical, compliance, and business priorities effectively.  -Experience in conflict resolution, fostering team cohesion, and driving alignment across departments.  -Ability to delegate tasks effectively while maintaining accountability for overall project outcomes.  -Skilled in setting clear objectives and measurable key results (OKRs) to guide team efforts and assess success.  -Excellent interpersonal and communication skills, with a focus on building relationships and influencing stakeholders at all levels.  ◎Preferred Qualifications:  -Security certifications (CISSP, CISM, CEH) are a plus.  -Experience in compliance-heavy industries such as fintech, healthcare, or education.  -Familiarity with container security, Kubernetes, and CI/CD pipelines.  -Understanding of global compliance frameworks and their practical implementation. 

集團資訊安全稽核制度規劃與建置 資安風險監控與分析 資安制度的審查與調整建議 依照公司之政策或目標，訂定稽核工作計畫，並且實施 稽核專案任務執行 資安系統協辦評估導入 主管交辦事項

【About the role】 Hytech is seeking a forward-thinking Manager of Software Security Architecture to lead the strategy, development, and execution of a world-class application security program. This highly technical leadership role will define the vision for embedding security throughout the software development lifecycle (SDLC), including modern AI and machine learning platforms. The ideal candidate will have deep expertise in secure software development, application security engineering, CI/CD automation, and integrating security into traditional, cloud-native, and AI-enabled environments. You will lead a global team of security engineers, build scalable developer-focused security solutions, and shape security strategies across engineering, infrastructure, DevOps, and data science teams. What this job involves: [Program Ownership & Strategy]: 1. Own and advance the enterprise application security program, including vision, technical strategy, and execution. 2. Define and implement scalable, modern AppSec practices for cloud-native and AI-enabled development. 3. Represent application security in enterprise architecture, risk, and compliance initiatives. 4. Define KPIs to measure security posture and program effectiveness. [Leadership & Collaboration]: 1. Lead, mentor, and grow a global team of application security engineers and specialists. 2. Promote a proactive “shift-left” culture by embedding security throughout the SDLC. 3. Partner with development, DevOps, AI/ML, and product teams to integrate secure practices into software and data science workflows. 4. Build strong cross-functional relationships to drive security-first thinking and align investments with business value. [Security Tooling & Technical Implementation]: 1. Drive adoption and optimization of security tools (SAST, DAST, SCA, IAST, secrets scanning, etc.) in CI/CD workflows. 2. Design and deploy developer-friendly tools for threat modeling, code scanning, secrets detection, and dependency analysis. 3. Implement internal secure-by-default frameworks and reference architectures. [AI/ML Security]: 1. Collaborate with AI/ML teams to implement secure design patterns for model development, training pipelines, and service deployment. 2. Develop and enforce security controls for AI applications, including data integrity, robustness, governance, and prompt injection prevention. 3. Evaluate and integrate emerging tools for securing ML pipelines, generative AI models, and AI APIs. [Security Enablement, Education & Documentation]: 1. Build scalable security enablement programs, including secure coding workshops, bootcamps, and self-service resources/platforms. 2. Develop and maintain internal security documentation, policies, and standards. [Research & Continuous Improvement]: 1. Stay current on application security threats, AI security research, and best practices in cloud and software engineering.

• 制定和實施集團全面資訊安全策略與計劃。 • 評估潛在的安全風險，並制定相應緩解措施。 • 與IT團隊合作，確保安全措施得到有效執行。 • 定期進行安全審計和風險評估 • 為集團全體員工提供資訊安全培訓和意識提升。 • 監控安全基礎設施，確保系統和數據的安全。 I. Program Management 1. ISMS/Trade Secret Implementation and Maintenance 2. 配合事業單位建置資訊安全專案 3. 跨部門資訊安全事務之協調 4. 進行電腦鑑識與法律配合行動 II. Maintenance and Management of Information Security Solutions and Equipment 1. Security Monitoring 2. Event & Incident Management III. Risk assessment and management IV. Security Audit 1. 執行內部安全查核，包含制度管理定期查核、IT環境安全評估、專案查核等 2. 配合客戶要求查核及執行委外安全查核

【職務說明】 1. 此職務徵求有實際執行ISO27001(資訊安全管理系統)經驗者。 註：具備ISO27001:2022 LA證照者。 【職務內容】 1協助導入 ISO 27001:2022 資訊安全管理系統 (ISMS) 將公司內部資安規範與程序書，轉化為可執行的作業流程、表單與稽核證據。 與 IT、開發、法遵等部門協作，推動資安政策落地，並進行合規性檢視。 協助應對內、外部稽核，並追蹤改善事項。 2執行資安維運 (Security Operations) 執行或協調定期的弱點掃描與滲透測試，並追蹤漏洞修補進度。 分析資安系統日誌 (Log)，進行異常事件的初步調查與通報。 參與規劃與執行資安教育訓練。 【條件與技能 (Requirements & Skills)】 必要條件： 1具備實際參與或協助導入 ISO 27001 管理制度的經驗，而不僅是持有證照。 2熟悉網路與系統管理 (如 Windows Server, 防火牆)，並具備基礎故障排除能力。 3具備日誌 (Log) 分析或 SIEM 工具使用經驗，能從中識別異常行為。 加分條件： 1持有 ISO 27001 、27701、或其他相關資安證照者。 2具備任一種腳本語言能力 (如 Powershell, Python)，能協助自動化維運或安全任務。 3有在金融科技 (FinTech) 或 VASP 相關產業工作的經驗。 4熟悉雲端平台（如 GCP/Azure）的基礎安全設定與管理。 5了解並使用過 AI 工具（如 ChatGPT）以提升工作效率。

1. 檢查並協助客戶通過各項網路安全認證 2. 協助客戶整合各項標準(見下方：其他條件說明)，取得證照為佳 3. 國際網路功能趨勢與標準宣導 4. 檢驗前後測分析 5. 客戶提問解答 此職務到職後，前期將會由Mentor帶領，從時程安排、了解客戶需求，到陪同客戶端服務，Mentorship後會接受各項專業規範培訓。

【Purpose of this Position】 負責產品漏洞管理、資安通報，並協調各部門進行修補與回報，定期推動安全強化措施。協調單位成員橫跨產品單位、研發單位、資安專家、法務與客戶支援，多方協作確保產品生命周期的資安管理。您將處理產品資安漏洞的識別、分析並協調修補策略，參與產品生命週期中的資安設計與測試規範，確保我們的產品符合國際資安標準，並有效應對潛在的資安威脅。 【Major Areas of Responsibility】 • 產品資安風險評估、威脅建模、漏洞評估 • 優化與執行產品資安相關之通報、回應、演練、應變程序，並與外部研究人員溝通 • 漏洞研究、概念驗證(POC)與影響評估，提供改善建議 • 提供資訊更新、分享熱門資安議題，與國內外CERT單位及社群保持聯繫 • 優化Moxa產品SSDLC及漏洞處理流程與團隊合作完成產品安全開發並符合國際認證要求 • 執行Moxa產品資安相關功能規格、設計與實作審查 • 回應客戶對於Moxa產品資安相關問題 • 開發資安相關之必要工具 • 研究開發安全技術與功能 • 內部培訓，為產品單位、研發團隊、技術服務單位提供資安相關培訓，提升整體安全意識

1.ISO27001 推動： (1)推動各廠區年度例行性 ISO27001 作業，包括： a.資訊資產盤點 b.風險評鑑作業/風險改善作業 c.內部稽核與稽核缺失改善追蹤 (2)推動海外廠區取得 ISO27001 認證作業 2.客戶稽核： (1)協助客戶年度稽核 (2)追蹤與改善稽核缺失 3.內部稽核： (1)執行內部資安稽核（軟體合規等專案） (2)稽核缺失追蹤與改善 4.資安教育訓練： (1)員工資安意識教育訓練（含社交工程演練） (2)IT 人員專業資安訓練（含政策、規範與稽核實務） 5.資安政策、規定編修： (1)協助擬定、修訂資安政策及相關規範 (2)確保政策與規範能落實執行並符合稽核要求 6.資安指標追蹤管理： (1)建立資安成效及指標 (2)定期彙整與追蹤資安指標報告

✅ 工作權責： . 持續配合外部資安顧問，及取得 ISO27001 認證 / PCI-DSS 認證 . 規劃/執行 短/中/長期公司資安建設計畫 . 規劃/執行 資安技術檢測，資訊安全評估報告 . 規劃/執行 例行性資安訓練 . 規劃/執行 各項網路資安服務(如 WAF,DDOS..) . 規劃/執行 資訊安全異常行為監控防護 制度流程 . 規劃/執行 各項客戶專案相關之資安規劃檢測、弱點管理 . 執行資安事件的緊急應變處理與改善措施 . 以資安專業，協助 網路架構、交換機、防火牆、內外部網路 的優化 . 其他系統整合技術研究、支援與文件制作 . 主管交辦事項 ✅ 具備條件： . 專案計畫管理 及 跨部門溝通協調能力 . 熟悉ISO27001資訊安全管理架構及導入流程 . 了解SSDLC能與軟體部門能與軟體開發部門溝通 . 系統思考能力、文件能力、簡報能力、溝通能力 . 強烈自我學習的能力 及 自我成長的企圖心 ✅ 技術能力： . 熟 網路規劃建置架構、配合資安政策規劃防火牆政策 及 相關資安服務 . Linux, Windows 等作業系統基本能力 . 虛擬化平台如VMWARE, HYPERV 的基本能力 . 熟悉 EDR/MDR，以及常見網路攻擊手法 隨著科技的發展，資安日益成為企業重要的議題之一。作為資安高級工程師/副理，您將有機會參與重要的資安建設及管理工作，參與各種專案，並發展您的專業技能和事業。 ✅ 在騰雲，我們不只工作，更享受生活！ • 豐厚獎勵，為你加分！ 中秋端午開工、生日、結婚生育、住院慰問、喪葬奠儀..讓每個重要時刻都有暖心陪伴！ • 彈性工作，生活更自在！ 工作時間兼顧效率與生活，讓你工作更有彈性、生活更有餘裕！ • 職涯發展，一起成長！ 提供完善的職涯發展計畫與專業培訓，讓你持續進步，職場路上我們並肩前行！ • 吃喝玩樂，團隊感情滿分！ 聖誕跨年、春酒活動＋豪華餐會＋超狂抽獎遊戲時間 每季部門聚餐津貼，放鬆享受美食，團隊合作更有默契！ • 免費零食 & 咖啡，下午茶隨心配！ 「今天我想來點＿＿＿＿？」隨心填空，零食隨你挑！還有現磨咖啡機，香醇咖啡免費喝到爽！ • 購物超方便，生活更便利！ 公司樓下就是購物中心和量販店，隨時補貨、滿足各種日常需求！ • 舒壓按摩專區，放鬆一下！ 工作忙碌？來場紓壓按摩，讓身心充滿能量，迎接每一天的挑戰！ • 薪資待遇 可依學歷及相關工作經歷另談 ✅ 公司簡介：我們是一群熱愛服務、充滿熱情的科技探索者！ 在這個數位變革的時代，我們正全力打造**智慧生態系新生活模式**，透過創新科技，讓服務更便捷、更貼近人心！ 我們深信：「科技創造智慧生活」！ 金融科技 × 零售科技** —— 搶先融合，引領未來新趨勢！ 創新 × 服務 —— 不斷突破，打造極致使用體驗！ 研發 × 生活應用 —— 讓科技不只是技術，更是貼近生活的好夥伴！ 從台灣出發，放眼國際！ 我們的下一步，就是將這場智慧革命推向全球，讓世界看見台灣的科技實力！ 現在，讓我們攜手並進，一起創造更聰明、更便利的未來生活！

【加入滙豐 成就職涯】 我們理想遠大，加入滙豐，您將成就更多！ 如果您正在尋找能讓你更加突出的事業，加入滙豐，發揮您的潛能，讓您更加耀眼。 If you're looking for a career that will help you to stand out, join HSBC and fulfill your potential. HSBC作為全球最大金融服務機構之一，我們不僅提供多樣化的金融商品服務，也提供跨國多元之職涯發展機會。不論您現在正在尋找工作機會、或者渴望未來轉換職涯跑道，我們誠摯歡迎對金融產業有熱情、有抱負的您加入HSBC Taiwan Talent Community，接收HSBC第一手職缺及職涯相關消息！ 請立即複製以下連結，註冊加入HSBC Taiwan Talent Community！ https://mycareer.hsbc.com/en_GB/talentcommunity?pipelineId=2455 Principal accountabilities: The role holder will support the Head of Audit, Corporate and Institutional Banking (CIB) Technology with the undertaking and delivery of audits, some major and/or highly complex, based on the critical assessment of the IT environment, and of the governance, risk and internal control frameworks that support this. Group Internal Audit - Group Internal Audit provides independent assurance to management and the Risk and Audit Committees that HSBC’s risk management, governance and internal control processes are designed appropriately and are operating effectively. Undertake general audit activities, as part of a team providing independent, objective assurance over the Group’s internal control framework as well as local regulations and assist business line management by bringing a systematic, disciplined approach to the evaluation and improvement of the effectiveness of risk management, control and governance processes. · People responsibility: N · Report to: SVP Internal Audit · Job content: 1. Responsible for providing independent evaluations of internal controls for all IT infrastructure, operations, applications, and projects. 2. Undertake risk assessment, control design and operating effectiveness review of business applications, software development and technical infrastructure as part of various global, regional and local IT audits. 3. Provide consultancy services to IT and business management and other Internal Audit teams, covering IT strategy, architecture, security, risks and controls. 4. Based on audit work, draft value-adding audit findings articulating key issues, risks, root causes and action plans. 5. Help producing high quality audit reports for review by senior audit management. 6. Compliance with Global audit standards while undertaking the audit activities. 7. Develop/maintain audit packages for new technology, applications and regulatory requirements. 8. Manage the interface between stakeholders to ensure a common approach to and understanding of key deliverables. 9. Play an integral role in delivering the audit plan. 10. Maintain leading edge knowledge of best practice within audit, financial services and in the risk environment.

【主要工作內容】 １.資訊安全相關專案執行 ２.維運及管理個人資料防護系統 ３.維運及管理帳號權限管理系統 ４.維運及管理資料庫稽核系統 ５.執行弱點掃描作業 ６.資訊安全事件分析與後續追蹤 ７.定期辦理資訊安全事件演練，如分散式阻斷服務攻防演練、模擬駭客攻擊演練、防範個資洩漏演練。 ８.辦理資訊安全通報作業 【Job description】 １.Executing information security projects ２.Maintaining and managing personal data protection system, DLP ３.Maintaining and managing user access permissions ４.Maintaining and managing database audit system ５.Performing the vulnerability scan ６.Information security incident analysis and follow-up ７.Regularly conducting the information security incident drill such as decentralized denial of service, DDOS, attack and defense 　 drill, simulated hacker attack drills and drills on preventing personal information leakage ８.Handling information security notification

1. 維護資訊安全管理制度。 2. 建置並維護個人資料保護管理制度。 3. 執行資安暨個資管理制度風險評鑑（風險評估、風險處理及風險改善）。 4. 執行資安暨個資教育訓練，提升同仁資安及個資保護意識。 5. 執行資安暨個資國際標準驗證作業。

1.新興科技(雲端/AI)資安控管機制評估與執行。 2.資訊安全威脅情資風險評估、事件分析。 3.子公司、跨部門資安業務協作與溝通。

1. 依據客戶資訊環境及面臨之風險，擬訂查核計劃與執行查核工作，包含工作底稿之編製、提出查核結論、改善追蹤等。 2. 檢視及評估客戶資訊作業中，控制點設計是否妥適及遵循情形之檢查。 3. 提供客戶資訊循環和內部控制流程改善建議方案。 4. 管理專案工作進度與品質，與客戶以及內外部同仁溝通。 5. 須配合出差 (平均一季一次)。

-Develop and execute the annual audit plan, covering both Taiwan and North American subsidiaries, with a focus on internal audits and the effective implementation of internal control systems. -Prepare comprehensive audit reports, identifying findings, and closely monitoring corrective actions to ensure continuous improvement. -Oversee the annual internal control self-assessment for the parent company and its subsidiaries. -With a strong sense of audit acumen is required to drive the optimization and enhancement of internal policies, procedures, and compliance standards. -Conduct a project-based audits and support various assignments as directed by management. 1. 年度稽核計畫，包含台灣與北美子公司的內稽與內控制度溝通與推行 2. 稽核報告撰寫，查核發現以及改善情形追蹤 3. 集團母公司與子公司年度內控自評 4. 具備稽核工作敏銳度，內部制度、規範的優化及完善推進 5. 專案查核以及主管交辦事項

The Cyebr Security Expert will be responsible for the day-to-day operation of our Taiwan laboratory and provide technical support to regional cyber labs. Working in partnership with SGS clients in Taiwan and Asia-Pacific, you will provide a best-in-class commercial cybersecurity testing, inspection and certification service and solution offering that focuses on device, infrastructure and cloud security. 【Key Responsibilities】 • Cybersecurity Assessment – Conduct assessments, gap analysis, and testing for Industrial Control Systems (ICS/OT) based on the IEC 62443 series standards. • Compliance Assessment – Support clients in establishing OT cybersecurity management systems, perform assessments, and verify compliance with international standards and local regulations. • Compliance Solutions – Provide recommendations to strengthen ICS/OT environments, covering areas such as vulnerability remediation, risk management, product security, and supply chain security. • Project Management & Client Engagement – Independently or collaboratively manage projects, including planning, executing assessment, drafting reports, and delivering professional advice to clients. • Training & Knowledge Sharing – Conduct cybersecurity training sessions, workshops, and internal knowledge-sharing to enhance both client and team capabilities. 【What We Offer】 • Opportunity to work in a global organization with cross-border cybersecurity projects and experts. • Exposure to real-world cybersecurity use cases across industries. • Career development and growth.

<部門簡介> 隨著資安攻擊在營運技術（OT）和物聯網（IoT）領域的關注度持續攀升，產品安全已成為企業競爭力的關鍵，各國政府也紛紛推動相關法規，以保障顧客權益並確保產業永續發展。為了引領產業邁向更高的資安標準，台達於2024年成立PS3 (Product Security Service and Solutions, PS3 BD)，致力於提升車用、網通、再生能源、工業自動化設備和系統產品的安全品質。我們的目標不僅是協助客戶取得資安合規認證，更要成為全球產品安全的領導者，打造更值得信賴的未來！現在正是加入我們，共同開創未來的最佳時機！ <工作內容> OT 資通安全管理 • 協助客戶建立與維運 OT（工業控制系統）資通安全管理制度，確保符合相關國際標準與產業規範 (如 IEC 62443、NIST CSF 等)。 • 參與 OT 場域安全設計與改善建議，並支援現場弱點盤點與風險評估。 產品資安合規 • 協助企業產品導入資安合規要求，包含 CRA、RED Delegated Act (RED DA)、ISO/SAE 21434 等法規或標準。 • 支援產品安全測試、風險分析 (Threat Modeling / TARA)、及合規文件撰寫。 資安制度導入與稽核 • 輔導企業建立及完善資訊安全管理制度 (如 ISO/IEC 27001, TISAX)。 • 執行內部稽核、遵循性確認，並協助客戶準備第三方審核或認證。 資安法令與法規遵循 • 提供資安相關法規與標準的解讀與符合性建議，協助客戶進行差異分析及改善規劃。 • 協助跨國客戶理解與遵循 EU、國際及在地資安法令規範。 教育訓練與推廣 • 協助規劃並執行資訊安全教育訓練，包含課程設計、教材製作、講師授課與活動安排。 • 提升客戶組織內部資安意識與合規能力。