IT Security Lead
Job no: 502772
Work type: Permanent Full Time
Location:
MMG Limited is a global resources company that mines, explores and develops base metal projects globally. We are one of the world's largest producers of zinc and a substantial producer of copper, lead, gold and silver. Headquartered in Melbourne, Australia, we are listed on the Hong Kong Stock Exchange (HKEx 1208) and Australian Securities Exchange (MMG) with mining projects and operations in Australia, Africa, Americas and South East Asia, we offer a rare and unique opportunity to work with a global perspective.
We are pleased to advise that we seek an IT Security Lead. Based in Beijing Office and reporting to Senior Manager IT, the purpose of this job is to own all assurance activities related to the confidentiality, integrity and availability of MMG IT assets in compliance with MMG’s standards, ensuring risks are identified and managed to support MMG’s IT security strategy. This involves working with the managed services security partner and engaging with senior management to achieve cyber security risk resilience, complying with legislation and industry standards.
The role need:
- IT Security & Assurance - develops and communicates corporate IT security standards and guidelines and contributes to the development of organisational strategies that address IT control requirements. Identifies and monitors environmental and market trends and pro-actively assesses impact on business strategies, benefits and risks. Leads the provision of advice and guidance on requirements for security controls in collaboration with experts in other functions. Ensures architectural principles are applied during design to reduce risk and drive adoption and adherence to standards and guidelines.
- Emerging Technology - collaborates with internal and external parties to facilitate intelligence gathering, and translates these into relevant plans and architectures
- Service Level Management - ensures clear services scopes and that service delivery meets agreed service levels. Diagnoses service delivery problems and initiates actions to maintain or improve levels of service.
- Incident Management - ensures that incidents are handled according to agreed procedures. Investigates escalated incidents and seeks resolution. Facilitates recovery, following resolution of incidents. Ensures that resolved incidents are properly documented and closed. Analyses causes of incidents and informs service owners in order to minimise probability of recurrence and contribute to service improvement. Analyses metrics and reports on performance of incident management process.
- Conformance Review - specifies organisational procedures for internal or third-party assessment against recognised criteria. Develops plans for review including implementation and use of standards and the effectiveness of operational and process controls. Identifies areas of risk and specifies interrogation programs and recommends improvements in processes and control procedures. Authorises the issue of formal reports to management on the extent of compliance with standards, regulations and/or legislation.
- Performance Management -manages individuals and groups. Allocates responsibilities and/or packages of work, including supervisory responsibilities. Delegates responsibilities as appropriate. Sets performance targets, and monitors progress against agreed quality and performance criteria. Provides effective feedback, throughout the performance management cycle, to ensure optimum performance. Proactively works to ensure effective working relationships.
To be considered, candidates must have
• Risk management frameworks (ISO 31000), IT risk and security standards (ISO 27001), NIST
• Relevant legal and regulatory requirements
• Key technology influences and trends
• IT Security domains such as security architecture, governance risk and compliance, security operations and intelligence, infrastructure security, risk management
• Project Management methodologies e.g. PMBOK, Prince2
• Minimum 8 years’ experience in a combination of risk management, IT security and IT roles (with at least 4 years in a senior role)
• Operating within ITIL and SIAM based environments
• Developing, implementing and maintaining cyber risk resilience assurance programs
• Managing security assurance across the technology lifecycle for both in-house managed and cloud-based environments
• Familiarity with supporting a diverse range of projects and technical changes offering and/or sourcing advice, and providing assurance whilst tracking security weaknesses and audit issues
• Tertiary qualification in a relevant discipline
• Post-graduate degree in information security or business administration (e.g. MIS, MBA)
• Relevant industry certifications (e.g. CISSP, ISSMP, CISM, CRISC, TOGAF) highly desirable
• More than 5 years MNC working experience
• China state own company working experience is a plus
• With OT cybersecurity experience is a plus
All applicants must apply directly to MMG to be considered - in this instance, we will not be accepting any submissions from recruitment agencies.
To join the next generations' global mining company, please submit your application online in either Word (.doc) or Adobe (.pdf) format by clicking on the 'Apply' button or visiting the job search page of our website - http://careers.mmg.com/jobSearch.asp?stp=AW&sLanguage=en.
Advertised: China Standard Time
Applications close: China Standard Time
Apply now
Back to search results
![]()
![]()