携程IT GRC Specialist(MJ035945)
社招全职商旅业务系统安全地点:上海状态:招聘
任职要求
- Bachelor’s degree in Information Security, Computer Science, Information Systems, or a related field. - 3+ years of experience in IT governance, risk and compliance, information security, or technology risk roles. - Experience supporting audits, certifications, or client security assessments. - Familiarity with frameworks such as ISO 27001, SOC 2, PCI DSS, or similar. - Experience work…
登录查看完整任职要求
微信扫码,1秒登录
工作职责
- Support global GRC initiatives and provide operational support to the Head of IT GRC across Trip.Biz. - Coordinate ISO 27001, SOC 2, PCI DSS or similar certification and audit activities, including evidence collection and remediation tracking. - Support client security assessments, RFP questionnaires, and due-diligence reviews across global markets. - Maintain risk registers, track remediation actions, and support periodic risk assessments across systems and projects. - Coordinate internal and external audits and support regulatory or contractual compliance documentation. - Work with product, R&D, legal, and security teams to validate controls and ensure compliance alignment. - Support third-party and partner security reviews where required. - Prepare reports and materials for management and stakeholders on compliance and risk posture. - Support global initiatives and cross-regional coordination, including travel where required.
包括英文材料
安全防护+
https://roadmap.sh/cyber-security
Step by step guide to becoming a Cyber Security Expert
https://www.w3schools.com/cybersecurity/
This course serves as an excellent primer to the many different domains of Cyber security.
还有更多 •••
相关职位
校招阿里控股2026
1、熟练掌握公司基础办公所需软硬件技术问题或需求的解决方案,技术知识包括但不仅限于:办公硬件-PC或笔记本、外设办公设备、操作系统、安全软件、账号、办公网络、网络准入、会议支持(音视频连线、直播链路、大屏操控等)、办公软件产品等; 2、根据业务发展方向,严格按标准规范执行,确保服务过程合规与专业,同时通过一线工作及时反馈效果,促进标准规范持续改进; 3、理解并会用好各项数据指标变化,运用科学的方法和工具进行数据分析,发现执行过程中的问题,并提出有效改改方案,使各项指标保持健康水位; 4、能够在指导下制定简单的项目计划,包括时间表、资源分配,过程中具备基本风险识别能力,并参与制定风险应对措施; 5、持续学习领域专业知识,并能够将新技术与新思想有效运用到工作中,提出工具改善的需求,以及产品规划,争取资源投入,实行工具改进与总体服务质量提升。
更新于 2025-11-06广州|杭州
社招5年以上信息技术类
1. 流程体系与工具优化:主导IT资产流程体系化建设与梳理,完成资产管理工具选型、搭建、迭代优化及运维,提升流程运转效率; 2. 全生命周期管控:统筹IT资产全流程管理,涵盖预算编制、EC/PR/PO发起、入库验收、发放、异动、回收翻新、报废处置,确保流程合规可追溯; 3. 终端设备与供应商管理:主导笔记本、台式机等终端设备选型评估,对接供应商完成比价及合同履约,保障供应质量与成本可控; 4. 资产数据化分析:基于资产数据开展分析,输出库存、流转效率、损耗率等报告,为决策提供支撑,推动管理策略优化; 5. 团队协作与盘点管理:管理资产外包团队,分配任务并评估绩效;组织定期/不定期资产盘点,制定并落地盘点方案,确保账实相符。
更新于 2026-06-16合肥