Beijing

 

Describe the overall nature and purpose of the job as it exists today.

The Senior SW Security Officer is responsible for both the daily business of the Software Security Operations and implementing the strategic direction of the company's software security operations.

 

The daily business includes responsibility for doing governance over all technology platforms and business units of Company Mobile Corporation including cloud-based programs and E2E services.  The position will enforce compliance with SSO policies, company procedures and national laws.

 

The role will also be responsible for managing the successful implementation of SSO requirements across the SOMC architect, development and testing groups.  The Officer shall provide advice and guidance to the groups on good security practices and products.  Finally, this position will ensure that SSO sites execute on activities designed to increase the maturity of the SSO.

 

1.Incident handling.

2.Implement SSO requirements across SOMC

3.Managing of Supplier, partner & 3:rd party apps from a SSO perspective

4.E2E services & cloud based solutions.

5.SSO Office setup/BSIMM maturity

 

1.Competence and experience from development and release of mobile phone software systems, covering platform and application side software as well as client and server side of web services.

PLUS   Familiarity with Security Development Lifecycle process and the complexity of the customer environment is a merit.

2.Excellent knowledge of SOMC corporate culture, mission and goals

3.Highly experienced in global collaboration with excellent communications skills and broad professional network. Ability to clearly articulate thoughts, be persuasive and to deliver presentation and training to all levels of management.

Other        Result oriented and proven delivery record with quality and TTM focus

PLUS  Understanding of software security risk management and the ability to implement this across software architectures.

PLUS  Familiarity with software security weakness and vulnerabilities, secure code review techniques, and software attack & exploitation techniques.