「【資安稽核室】資安稽核主管課長/課副理」的相似工作

Product Compliance, Security & Cybersecurity  We are seeking an experienced Security Lead with a strong background in product compliance, security, and cybersecurity to support and enhance our organization’s compliance and security initiatives. This role will focus on implementing global compliance programs (e.g., PII, GDPR, SOC 2, CSA Star Level 1), strengthening cybersecurity practices, and ensuring secure product development. The ideal candidate will possess technical expertise, project management skills, and a solid understanding of global and US-specific compliance frameworks.   *Key Responsibilities:  ◎Team and Project Support  -Assist in managing a high-performing team focused on compliance, product security, and cybersecurity initiatives.  -Collaborate with team leads to ensure timely delivery of compliance and security projects.  ◎Compliance Management  -Support product compliance efforts, adhering to global standards like GDPR, NIST CSF, SOC 2, CSA Star Level 1, and US-specific PII regulations (e.g., FTC COPPA).  -Assist in maintaining compliance with data privacy and protection frameworks, including those related to Personally Identifiable Information (PII).  -Help prepare documentation and processes for regulatory audits and certifications.  ◎Cybersecurity Implementation  -Contribute to cybersecurity initiatives, including Security Severity Modeling, Incident Response (IR) policies, and risk management.  -Assist in executing critical programs, such as Zero Touch Production, DRATA implementation, and AWS permission reviews.  -Collaborate with teams to identify and mitigate risks across the product lifecycle.  ◎Operational and Tool Management  -Support the adoption and integration of tools like JIRA, Confluence, and Drata to streamline compliance and security processes.  -Track and report operational metrics to align with compliance and security goals.  ◎Stakeholder Engagement  -Act as a liaison between compliance, product, and legal teams to support the alignment of business objectives with security initiatives.  -Provide updates on project progress, risks, and key initiatives to senior leadership.  ◎Education & Experience:  -Bachelor’s degree in Computer Science, Cybersecurity, or a related field.  -6+ years of experience in software engineering, security, or compliance roles, with at least 3+ year in a leadership a team of at least 5+ members with strong people and project management skills  ◎Technical Skills:  -Experience in product compliance and global regulatory standards (PII, GDPR, SOC 2, CSA Star Level 1, and US-specific frameworks like FTC COPPA).  -Knowledge of secure software development lifecycles (SDLC), DevSecOps, and cloud security (AWS, Azure, or GCP).  -Familiarity with cybersecurity tools, such as SAST/DAST, SIEM, and WAF.  ◎Leadership & Soft Skills:  -Proven ability to manage and inspire cross-functional teams to meet strategic goals.  -Strong decision-making skills, with the ability to balance technical, compliance, and business priorities effectively.  -Experience in conflict resolution, fostering team cohesion, and driving alignment across departments.  -Ability to delegate tasks effectively while maintaining accountability for overall project outcomes.  -Skilled in setting clear objectives and measurable key results (OKRs) to guide team efforts and assess success.  -Excellent interpersonal and communication skills, with a focus on building relationships and influencing stakeholders at all levels.  ◎Preferred Qualifications:  -Security certifications (CISSP, CISM, CEH) are a plus.  -Experience in compliance-heavy industries such as fintech, healthcare, or education.  -Familiarity with container security, Kubernetes, and CI/CD pipelines.  -Understanding of global compliance frameworks and their practical implementation. 

1. 資安系統的維運及使用者服務 2. 資安規定的教育訓練與宣導 3. 資安文件的撰寫與修改 4. 例行庶務的辦理

- Ensures proper IT & Security Governance / Management / Control plan execution - Local Data Protection Correspondent intervenes on behalf of DPO. - Implements Group, Cardif and APAC Security framework. - Supports business in the definition of the Security requirements. - Setting up a Cyber Security network and communicating the vision - Performs regular Security review. - Ensure that decisions / projects are taken / launched with the appropriate level of security or security awareness. - Ensure proper implementation of Identity Access Management (IAM). - Ensure proper security awareness level of the organization. - Ensure regular communication / update with regional and head office teams. - Ensure proper management and optimization of security professionals placed under his/her responsibility. - To support and monitor Business Continuity and IT Continuity and collaborate with the Corporate, Regional, Country and APAC Continuity teams. - Ensuring compliance with the Security requirements of the policy framework. - Promoting security risk prevention as part of BNP Paribas Cardif ISS activities. - Carrying out surveillance and monitoring to anticipate Cyber Security risks linked to the technologies used at the entity - Ensuring that security aspects are integrated into the entity’s project management process by introducing appropriate information security policies and practices

This vacancy is open for talent pool collection. We will contact you if we have proper vacancies that fit with your profile. Job Mission Represent manufacturing and act as gatekeeper from manufacturing to D&E function Add value in overall manufacturing processes such as forming, machining, joining, and assembling Job Description Contribute to the solution of faults and takes the necessary initiatives and practical decisions to ensure zero repeat Identify gaps and drive assigned process improvement projects and successful delivery Initiate and drive new procedure changes and projects Develop and maintain networks across several functional stakeholders Prioritize works and projects based on business situation Transfer knowledge and train colleagues on existing and newly introduced products Education Master degree in technical domain (e.g. electrical engineering, mechanical engineering, mechatronics) Experience 3-5 years working experience in design engineering Personal skills Show responsibility for the result of work Show proactive attitude and willing to take initiative Drive for continuous improvement Able to think outside of standard processes Able to work independently Able to co-work with different functional stakeholders Able to demonstrate leadership skills Able to work in a multi-disciplinary team within a high tech(proto) environment Able to think and act within general policies across department levels Diversity and inclusion ASML is an Equal Opportunity Employer that values and respects the importance of a diverse and inclusive workforce. It is the policy of the company to recruit, hire, train and promote persons in all job titles without regard to race, color, religion, sex, age, national origin, veteran status, disability, sexual orientation, or gender identity. We recognize that diversity and inclusion is a driving force in the success of our company. Need to know more about applying for a job at ASML? Read our frequently asked questions.

HOYA BIT 致力成為加密貨幣新鮮人的最佳信任夥伴，我們致力研究加密貨幣的解決場景，並針對用戶需求提供解決方案，讓加密貨幣便利每個人的生活! 經營理念 享受工作與生活 當你踏入 HOYA BIT 後，你會發現我們致力讓員工創造與突破，高成就感與高報酬是讓每一個夥伴全力以赴的原動力! 高度成長與不斷創新 HOYA BIT 鼓勵每一位的夥伴不斷創新，唯有求新求變才能撼動市場，為此我們也提供每位夥伴學習經費，並透過每個月的內部交流及外部講座提升每一個夥伴的能力！ 客戶至上的服務模式 由於 HOYA BIT 是主打新手友善的加密貨幣交易所，所以我們以積極熱情的精神來服務我們的客戶，並致力透過每一個用戶的回饋來改善 HOYA BIT 的產品及服務，唯有熱情擁抱用戶，才能得到用戶的最高信任。 我們相信越好的人才就需要越少的管理，所以在管理上我們只要求夥伴們尊重會議所決定的專案期程，在過程中若遇任何困難都請「即時提出」、才能「及時解決」，在辦公部份我們也致力打造讓大家都能舒適工作的環境。 歡迎高手突破我們薪資天花板！ 【工作內容】 • 負責公司全面的資訊安全策略規劃與執行 • 主導安全風險評估、漏洞掃描及威脅防禦計劃 • 實施並監控安全防護措施，確保系統及數據的安全 • 監控並應對各類資安威脅，包括 DDoS 攻擊、數據洩露等 • 制定並完善資安應急預案及事件響應流程 • 監督安全合規，確保平台符合 GDPR、ISO 27001 等國際標準 • 與外部安全機構及顧問合作，定期進行安全審查及測試 • 應對攻擊、外洩、竄改、勒索...等資安事件的止損與應對 • 深入理解常見的攻擊模式與防禦策略（如 DDOS、CSRF、XSS 等），具備相關的實戰經驗。 • 制定安全策略，建立威脅模型，並推動資安培訓，確保平台符合安全合規要求。 【具備條件】 • 資訊安全、資訊工程或相關領域學位 • 5 年以上資安相關工作經驗 • 具備防火牆、入侵檢測系統、滲透測試等技術經驗 • 熟悉加密技術及網絡安全協議，具備加密貨幣交易所安全管理經驗者優先 • 熟悉國際資訊安全標準（如 ISO 27001、GDPR 等） • 強大的風險管理及問題解決能力 • 具備規劃與設計資安策略的能力與推動資安政策的執行力 【加分條件】 • 熟悉區塊鏈技術與智能合約開發 • 熟悉交易所的運用、以太坊公鏈、HyperLedger、驗證機制(POW、POS、PBFT等) • 有使用以太坊(geth,solidity,web3js)經驗 • 熟悉VM、AWS、GCP、Docker

1. 協助公司資安 KPI 項目的檢核與改善，提升整體安全性。 2. 執行源碼掃描、弱點檢測、滲透測試，並追蹤改善狀況。 3. 協助資安事件的通報、處理與修復。 4. 參與資安稽核（內部/外部），並配合 ISO 與內控作業。 5. 支援資安設備的日常維運，學習防禦架構實務。 6. 規劃與執行資安教育訓練，提升全員資安意識。 7. 參與資安相關專案，實際累積實戰經驗。

• 制定和實施集團全面資訊安全策略與計劃。 • 評估潛在的安全風險，並制定相應緩解措施。 • 與IT團隊合作，確保安全措施得到有效執行。 • 定期進行安全審計和風險評估 • 為集團全體員工提供資訊安全培訓和意識提升。 • 監控安全基礎設施，確保系統和數據的安全。 I. Program Management 1. ISMS/Trade Secret Implementation and Maintenance 2. 配合事業單位建置資訊安全專案 3. 跨部門資訊安全事務之協調 4. 進行電腦鑑識與法律配合行動 II. Maintenance and Management of Information Security Solutions and Equipment 1. Security Monitoring 2. Event & Incident Management III. Risk assessment and management IV. Security Audit 1. 執行內部安全查核，包含制度管理定期查核、IT環境安全評估、專案查核等 2. 配合客戶要求查核及執行委外安全查核

1. 負責建立資訊安全管理制度、個人資料保護、營運持續管理等相關管理制度，以符合相關標準要求。 2. 負責規劃、執行金融合規查核、資訊安全管理制度、個資保護等相關稽核或遵循性確認。 3. 負責執行資訊安全與個資保護教育訓練。包含：課程簡報準備及課程講授。

1.資訊系統營運持續規劃與事件應變管理。 2.資訊安全機制檢核與資訊安全設備維運作業。 3.資訊安全專案之規劃與執行。 4.資安演練、教育訓練規劃與執行。 5.資安法規遵循、風險評估，及執行情況彙整呈報。 6.分析與鑑識資訊安全事件及攻擊威脅，迅速應變處理與通報。 7.配合主管機關與內外稽單位資安查核業務。 *可依實際工作年資調整初任薪資。 *【薪資暨獎金發放：2019-2021年間每年平均約16.9-18.4個月】

1.協助外部稽核作業；含ISO27001 外部稽核以及客戶資安稽核 2.協助ISMS 推動與維護；含規劃設計資安控管程序、表單維護管理 3.協助資安稽核之相關文件編撰 4.稽核數據分析 5.資訊安全教育訓練 6.主管交辦事項

✅ 工作權責： . 持續配合外部資安顧問，及取得 ISO27001 認證 / PCI-DSS 認證 . 規劃/執行 短/中/長期公司資安建設計畫 . 規劃/執行 資安技術檢測，資訊安全評估報告 . 規劃/執行 例行性資安訓練 . 規劃/執行 各項網路資安服務(如 WAF,DDOS..) . 規劃/執行 資訊安全異常行為監控防護 制度流程 . 規劃/執行 各項客戶專案相關之資安規劃檢測、弱點管理 . 執行資安事件的緊急應變處理與改善措施 . 以資安專業，協助 網路架構、交換機、防火牆、內外部網路 的優化 . 其他系統整合技術研究、支援與文件制作 . 主管交辦事項 ✅ 具備條件： . 專案計畫管理 及 跨部門溝通協調能力 . 熟悉ISO27001資訊安全管理架構及導入流程 . 了解SSDLC能與軟體部門能與軟體開發部門溝通 . 系統思考能力、文件能力、簡報能力、溝通能力 . 強烈自我學習的能力 及 自我成長的企圖心 ✅ 技術能力： . 熟 網路規劃建置架構、配合資安政策規劃防火牆政策 及 相關資安服務 . Linux, Windows 等作業系統基本能力 . 虛擬化平台如VMWARE, HYPERV 的基本能力 . 熟悉 EDR/MDR，以及常見網路攻擊手法 隨著科技的發展，資安日益成為企業重要的議題之一。作為資安高級工程師/副理，您將有機會參與重要的資安建設及管理工作，參與各種專案，並發展您的專業技能和事業。 ✅ 在騰雲，我們不只工作，更享受生活！ • 豐厚獎勵，為你加分！ 中秋端午開工、生日、結婚生育、住院慰問、喪葬奠儀..讓每個重要時刻都有暖心陪伴！ • 彈性工作，生活更自在！ 工作時間兼顧效率與生活，讓你工作更有彈性、生活更有餘裕！ • 職涯發展，一起成長！ 提供完善的職涯發展計畫與專業培訓，讓你持續進步，職場路上我們並肩前行！ • 吃喝玩樂，團隊感情滿分！ 聖誕跨年、春酒活動＋豪華餐會＋超狂抽獎遊戲時間 每季部門聚餐津貼，放鬆享受美食，團隊合作更有默契！ • 免費零食 & 咖啡，下午茶隨心配！ 「今天我想來點＿＿＿＿？」隨心填空，零食隨你挑！還有現磨咖啡機，香醇咖啡免費喝到爽！ • 購物超方便，生活更便利！ 公司樓下就是購物中心和量販店，隨時補貨、滿足各種日常需求！ • 舒壓按摩專區，放鬆一下！ 工作忙碌？來場紓壓按摩，讓身心充滿能量，迎接每一天的挑戰！ • 薪資待遇 可依學歷及相關工作經歷另談 ✅ 公司簡介：我們是一群熱愛服務、充滿熱情的科技探索者！ 在這個數位變革的時代，我們正全力打造**智慧生態系新生活模式**，透過創新科技，讓服務更便捷、更貼近人心！ 我們深信：「科技創造智慧生活」！ 金融科技 × 零售科技** —— 搶先融合，引領未來新趨勢！ 創新 × 服務 —— 不斷突破，打造極致使用體驗！ 研發 × 生活應用 —— 讓科技不只是技術，更是貼近生活的好夥伴！ 從台灣出發，放眼國際！ 我們的下一步，就是將這場智慧革命推向全球，讓世界看見台灣的科技實力！ 現在，讓我們攜手並進，一起創造更聰明、更便利的未來生活！

1.內部資訊系統需求訪談、分析 2.系統整合、架構規劃及評估 3.專案管理 4.軟體程式開發及資料庫維護(MS SQL) 5.資訊相關事項協作 6.熟悉C#、ASP.NET Core Web (MVC)，具JavaScript程式開發經驗尤佳 7.具備RWD響應式網站設計經驗尤佳 8.具備API開發與串接經驗 9.具資安、infra管理能力 10.主管交辦事項

1. 資安評估與測試：負責網站及應用程式的安全測試，進行滲透測試、漏洞掃描與程式碼審查。 2. 資安報告撰寫：編寫資安報告，提出改善建議並跟進執行。 3. 資安架構維護：維護資訊安全架構，應對資安威脅，並更新資安政策及程序。 4. 資安事件處理：處理資安事件並進行應急響應與調查。 5. 資安教育訓練：設計並執行內部資安教育訓練與宣導活動。 6. MIS系統管理與維運：負責公司內部資訊系統的規劃、管理與維運，包括伺服器、資料庫、網路設備等。 7. 資安合規與風險管理：協助資安合規管理，推動資安風險管理與應變措施。 8. 專案管理：主導資訊系統及資安專案的規劃、推動與執行。

1. 協助公司維護ISMS資安管理制度並持續改善 2. 輔導客戶建立與維護ISMS資安管理制度/PIMS個資管理制度 3. 提供客戶ISMS資安管理制度/PIMS個資管理制度相關教育訓練 4. 了解國內外資安法令法規要求，協助客戶規劃資安合規活動 5. 客戶問題反應處理 6. 進行資安風險評估並提出改善建議 7. 培訓及指導員工提升資安意識，增強整體安全防護 8. 其它主管交辦事項

1.網路架構設計、網路系統規劃、建置、管理及維護 2.雲地機房與伺服器管理(VM & Docker) 建置、管理及維護 3.執行資安管理相關業務 4.電腦端設備軟硬體管理 5.執行專案及主管交辦事項

Position Impact: 我們正在尋找一位專業、細心且樂於動手的 IT 稽核與系統控制夥伴，加入 Gogoro 的核心營運團隊。 這個職位不只是遵循規則，而是親手建立、測試並完善公司內部的 IT 控制與資訊安全制度。如果你對打造一個既安全又有效率的系統環境有熱情，並享受從細節中發現問題、建立穩固流程的成就感，這份工作就是為你而設。 Responsibilities:：動手建立與優化 • 建立與維護： 協助建立並維護集團等級的 IT 風險評估框架，確保符合 SOX、ISO 27001 等國際標準。 • 執行與測試： 親手執行 Gogoro 關鍵 IT 系統的內控測試，找出潛在風險與改善機會， 確保系統的穩定與安全。 • 管理與維運： 負責內部系統的帳號權限管理，從申請、修改到停用，親手把關，落實最小權限原則。 • 稽核與改善： 規劃並執行 IT 稽核工作，從制定計畫、追蹤進度到完成報告，並推動相關改善措施落地。 • 支援與解決： 作為跨部門團隊的技術專家，直接回應問題，並提供具體的解決方案。 Requirement：專業、實作、注重細節 • 學歷背景： 大學以上學歷，主修資訊系統、會計、財金、或工商管理相關領域。 • 專業認證： 擁有 CISA、CIA 專業資格為佳。 • 實務經驗： 　1. 具備至少2年稽核相關經驗(財務、內部稽核或IT審計），有四大會計師事務所經驗者為佳。 　2. 精通 ITGC (IT General Controls) 的設計、測試與執行，特別是在變更管理、存取控制與 IT 維運方面。 　3. 對 ISO 27001、GDPR 等資料保護法規有基本了解。 4. 具備 ERP 系統 (例如 SAP/NetSuite) 的權限管理與 SoD 分析經驗。 5. 有操作 IAM/PAM 系統 (如 Azure AD/Okta, CyberArk) 進行權限週期管理的實務經驗。 6. 能熟練運用 ITSM 工具 (如 Jira/ServiceNow) 執行變更管理稽核。 7.具備使用 GRC 平台 (如 Workiva) 或日誌分析工具 (如 Splunk) 的經驗。(加分) • 個人特質： 　1.結果導向，動手實作：你習慣獨立作業，能自我激勵，並親手完成專案與任務。 　2.注重細節，分析力強：你擅長從細節中發現問題，並具備強大的分析與解決問題能力。 　3.溝通合作，樂於完善：你是個好的團隊合作者，善於溝通，並樂於與各級同仁一起將制度建立得更完善。

1. 檢查並協助客戶通過各項網路安全認證 2. 協助客戶整合各項標準(見下方：其他條件說明)，取得證照為佳 3. 國際網路功能趨勢與標準宣導 4. 檢驗前後測分析 5. 客戶提問解答 此職務到職後，前期將會由Mentor帶領，從時程安排、了解客戶需求，到陪同客戶端服務，Mentorship後會接受各項專業規範培訓。

<Summary> In every security standard and local authority, InfoSec and Cybersecurity are the key elements in the governance level (e.g., SEC (registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance). Thus the 3-core requirement is important to bring up a successful InfoSec and Cybersecurity to a company, 1. Governance and Strategy (Core Management level and CISO level) 2. Tactical, Planning and Analysis (InfoSec Level) 3. Technique and Operation (IT level) In the InfoSec team, we’d need a member who understands both InfoSec and IT techniques. The difference between an InfoSec technician and an IT technician is, that InfoSec is based on regulations/standards and is also familiar with IT technologies, so he/she has the ability to analyze/identify the technology flaws. The IT technicians are focused on IT solutions (equipment, OS, front-end software, etc.) <Essential Duties and Responsibilities> 1. Analyze systems, security controls, and event logs to detect the nefarious activity of the company. Provide regular reports to the team on security incidents, risks, and the overall effectiveness of security measures. 2. Audit the company’s security controls to ensure they work correctly; Plan, document, and conduct complex audit assignments and projects. 3. Audit access throughout systems/applications and ensure access is at appropriate levels of the company. 4. Collaborate with/across teams and architects to ensure security compliance. 5. Work with multiple stakeholders (internal and external) to assess and identify security compliance gaps and propose technical and operational remediation solutions. 6. Contribute to the annual risk assessment and development of the audit plan for assigned businesses or corporate staff groups. 7. Develop skills for ISO committee members across teams. Conduct audit fieldwork in accordance with department, and company standards. 8. Provide consulting services to internal terms including all unit leaders and members.

【About the role】 Hytech is seeking a forward-thinking Manager of Software Security Architecture to lead the strategy, development, and execution of a world-class application security program. This highly technical leadership role will define the vision for embedding security throughout the software development lifecycle (SDLC), including modern AI and machine learning platforms. The ideal candidate will have deep expertise in secure software development, application security engineering, CI/CD automation, and integrating security into traditional, cloud-native, and AI-enabled environments. You will lead a global team of security engineers, build scalable developer-focused security solutions, and shape security strategies across engineering, infrastructure, DevOps, and data science teams. What this job involves: [Program Ownership & Strategy]: 1. Own and advance the enterprise application security program, including vision, technical strategy, and execution. 2. Define and implement scalable, modern AppSec practices for cloud-native and AI-enabled development. 3. Represent application security in enterprise architecture, risk, and compliance initiatives. 4. Define KPIs to measure security posture and program effectiveness. [Leadership & Collaboration]: 1. Lead, mentor, and grow a global team of application security engineers and specialists. 2. Promote a proactive “shift-left” culture by embedding security throughout the SDLC. 3. Partner with development, DevOps, AI/ML, and product teams to integrate secure practices into software and data science workflows. 4. Build strong cross-functional relationships to drive security-first thinking and align investments with business value. [Security Tooling & Technical Implementation]: 1. Drive adoption and optimization of security tools (SAST, DAST, SCA, IAST, secrets scanning, etc.) in CI/CD workflows. 2. Design and deploy developer-friendly tools for threat modeling, code scanning, secrets detection, and dependency analysis. 3. Implement internal secure-by-default frameworks and reference architectures. [AI/ML Security]: 1. Collaborate with AI/ML teams to implement secure design patterns for model development, training pipelines, and service deployment. 2. Develop and enforce security controls for AI applications, including data integrity, robustness, governance, and prompt injection prevention. 3. Evaluate and integrate emerging tools for securing ML pipelines, generative AI models, and AI APIs. [Security Enablement, Education & Documentation]: 1. Build scalable security enablement programs, including secure coding workshops, bootcamps, and self-service resources/platforms. 2. Develop and maintain internal security documentation, policies, and standards. [Research & Continuous Improvement]: 1. Stay current on application security threats, AI security research, and best practices in cloud and software engineering.

About Lungteh LungTeh Ship Building is a ship manufacturer that specializes in high-performance vessels ranging from high-speed naval combat vessels to unique environmental research and marine service vessels. MIS Manager LungTeh's software development team play a critical role in helping the company undergo a digital transformation. We work closely with other departments to understand their work processes and design solutions the help our coworkers be more productive and effective. Our plan includes creating a Digital Twin that describes Lungteh design, material, logistics and other business process. This will become a foundation for services that provides the information for optimal decision making and lays the ground work for automation. As a MIS Manager, your goal is to help LungTeh continuously improved efficiency and productivity. We are in an early phase of modernizing our digital capabilities, so there are many opportunities to work on projects that will greatly impact LungTeh. We are looking for individuals that are proactive, fast learners and who work well in teams. Responsibilities * Manage and drive team's goals and objectives to meet the needs of the overall organization * Lead team of software developers and IT administrators to help succeed at their tasks and grow as professionals * Meet and coordinate with internal and external stakeholders to establish project scope, system goals, and requirements * Research, analyze and propose new business workflows, applications and infrastructure to greatly improve our client's effectiveness and productivity. * Drive initiatives to continuously improve software engineering, IT services, networking and security. Requirements * BS or MS in Information Technology, Computer Science or equivalent experience * Ability to assess business needs and translate them into relevant solutions * Excellent problem solving, analytical, written and oral communication skills * Experience Programming, Databases, Network and Security