【 Security Related 資訊安全控制與治理相關 】
1. Initiate, plan, implement and monitor security strategies and controls to ensure the cybersecurity risk level is appropriate and always aligned with company objectives. (Conduct ISO 27001 security framework, 27002 security controls, 27005 risk assessment, IEC 62443 ICS security framework). Responsible for conducting ISMS containing it’s controls, self-assessment and providing 3rd party certification assists.
2. Assess IT change request ticket impact and risk assessment, and assist/execute related changes and tasks.
3. Implement a record logging system (ELK stack) which are logs generated from Microsoft 365 management activity API, infra-equipment, and services events to monitor, analyze, discover and notify potential risk events and prevent exploits. (Technical Stack: Elasticsearch, Logstash, Kibana, Winlogbeat)
4. Publish IT/cybersecurity-related articles internally, develop training materials and conduct security awareness training for colleagues.
5. Track security-related news (Equipment provider, TWCERT/CC, Cybersecurity community, social media), laws, and regulations (Cyber Security Management Act, Personal Data Protection Act). Develop solution proposals for the implementation of compliance and operational requirements, as well as optimization measures.
6. Maintain information system confidentiality, integrity and availability as follows
- Network: Cisco SW、Fortinet & Palo Alto FW、VPN
- Communication: Cisco Unified Communications Server Farm、Webex、Microsoft Teams
- Server: ERP systems(Digiwin Workflow、Aras OpenPLM) , Windows AD/Azure AD Hybrid deployment、DNS、DHCP、NAC/NAS(Network Access Server)、Anti-Virus Console、Gitlab、Crestron Fusion、ELK Stack、OpenAudIT、WAF、IPS、DLP、RootCA
- Web server: IIS、Tomcat、Nginx(Reverse Proxy)
- SaaS: Microsoft 365 Global Admin、Elastic Cloud
1. 啟動、規劃、實施、監測資訊安全策略與控制措施確保組織處於合適的資安風險並與組織經營管理目標一致。(實施 ISO 27001 資安框架、ISO 27002 控制措施、ISO 27005 風險評鑑、IEC 62443 工控系統安全框架)。導入ISMS管理系統及其控制措施、完成自評及提供第三方驗證協助。
2. 處理組織內部一切資訊需求申請單之風險與衝擊評估,並執行或協助其相關變更或任務執行。
3. 建構紀錄存錄系統(ELK stack)紀錄 Microsoft 365 management activity API、資訊基礎設施、服務等事件,進行監視、分析、探索與通知潛在風險事件與漏洞預防。
4. 提升組織內部人員資安認知,包括內部電子報投稿、文件撰寫、資訊安全講座等。
5. 持續自設備供應商、TWCERT/CC、社群媒體等來源追蹤資訊安全最新訊息,研習法規、標準之內容與變更,主動依組織合規性需求,提出與執行相對之應對方案。
6. 資訊服務機密性與可用性管理
- 網路系統:Cisco SW、Fortinet & Palo Alto FW、VPN
- 通訊系統:Cisco Unified Communications、Webex、Microsoft Teams
- 伺服器:ERP systems(鼎新 Workflow、Aras OpenPLM), Windows AD/Azure AD Hybrid deployment、DNS、DHCP、NAC/NAS(Network Access Server)、Anti-Virus Console、Gitlab、Crestron Fusion、ELK Stack、OpenAudIT、WAF、IPS、DLP、RootCA
- 網站伺服器:IIS、Tomcat、Nginx(Reverse Proxy)
- SaaS:Microsoft 365 Global Admin、Elastic Cloud
【 IT Related 資訊相關 】
1. Manage and collaborate on a digital transformation program with SI to introduce and develop an advanced ERP system. (System Module: Contract payment, procurement cycle and project management related)
2. Develop ISMS forms and reporting service on ERP system to expedite e-approval and communication efficiency. (Technical Stack: C#, SQL, PowerShell)
3. Manage IT assets, lead infrastructure, hardware, software, IT service, license, etc. requirements assessment, procurement, and asset inventory.
4. Coordinate information systems stockholders' needs and evaluate the appropriate solution to achieve most requirements.
5. Manage and maintain IT facilities such as databases, web servers, network/communication equipment, and office equipment. Provide guides and troubleshooting for any stakeholder.
1. 協同數位轉型計畫,與系統整合商導入新一代 ERP 系統拓展既有鼎新 Workfow ERP 功能,包括合約付款明細展算、請付款單自動化、採購循環、專案管理相關系統模組開發、開發技術移轉。
2. 整合 ISMS 四階表單至 ERP 系統提升電子簽核與溝通效率(相關技術:C#、JS、Html、Aras Framework) 。
3. 資訊資產管理,主導資訊基礎設施、硬體、軟體、資訊服務、授權等需求評估、請購與資產盤點。
4. 協調資訊系統利害關係人需求並協助評估適切解決方案。
5. 管理並維護資訊設施(如資料庫、網站、網路通訊設備、辦公設備等),提供使用者相關使用指引並協助技術問題排除。