1. Risk assessment and management: Conduct risk assessments on systems, processes, and services within a specific scope to identify potential risks, likelihoods, and impacts, and develop and implement corresponding risk management strategies based on the company's risk preferences. 2. Security event monitoring and response: Monitor the security event reporting platform, detect and respond to security incidents, and develop and implement threat response plans. 3. Research and analysis: Focus on security trends and vulnerabilities, analyze threat intelligence, and develop corresponding protection measures and recommendations based on the organization's internal situation. 4. Security awareness training: Develop and implement security awareness training activities to increase employee security awareness and reduce internal risks. 5. Internal process improvement: Provide optimization suggestions for existing processes, develop plans, and gradually improve communication and operational efficiency. 1. 風險評估和管理：對特定範圍內的系統、流程、服務進行風險評估，確定潛在風險、可能性與衝擊，依公司風險偏好制定和實施相應的風險管理策略。 2. 資安事件監控與響應：監控資安事件報告平台，發現和應對安全事件，制定和實施威脅響應計畫。 3. 研究和分析：專注安全趨勢和漏洞，分析威脅情報，依組織內部態勢制定對應的防護措施和建議。 4. 安全意識培訓：制訂與實施安全意識培訓活動，提高員工的安全意識，減少內部產生的風險。 5. 內部流程改善：針對現行流程提出優化建議、制定計畫並逐步提升溝通與作業效率。

1. Website Development and Maintenance: Responsible for developing, designing, and maintaining websites, ensuring their proper functioning, and updating and maintaining them according to customer needs. 2. Database Management: Responsible for managing website databases, including design, performance optimization, and maintenance, to ensure data accuracy and integrity. 3. System Security: Responsible for ensuring the security of the website system and preventing potential attacks and threats to ensure its availability and confidentiality. 4. Technical support: Providing technical support and solutions to website problems to ensure its normal operation. 5. Supplier and Project management: Coordinating and managing the website development team to ensure that projects are completed within budget and time constraints while meeting customer's quality expectations. 6. Customer Relationship Management: Establishing strong customer trust relationships, understanding customer needs, ensuring that customers receive timely and professional service to meet their expectations and needs. 1. 網站開發與維護：負責開發、設計和維護網站，確保網站正常運行，並根據客戶的需求進行更新與維護。 2. 資料庫管理：負責管理網站資料庫，包括設計、效能優化和維護，以確保資料的正確性與完整性。 3. 系統安全性：負責確保網站系統的安全性，並防範可能攻擊和威脅，以確保其可用性與機密性。 4. 技術支援：提供技術支援和網站問題的解決方案，以確保網站的正常運作。 5. 供應商與專案管理：協調和管理網站開發團隊，確保專案在預算和時間範圍內完成，同符合客戶對網站品質的期待。 6. 客戶關係管理：建立穩固的客戶信任關係，了解庫護需求，確保客戶獲得即時和專業的服務，以滿足客戶的期望和需求。

【 Security Related 資訊安全控制與治理相關 】 1. Initiate, plan, implement and monitor security strategies and controls to ensure the cybersecurity risk level is appropriate and always aligned with company objectives. (Conduct ISO 27001 security framework, 27002 security controls, 27005 risk assessment, IEC 62443 ICS security framework). Responsible for conducting ISMS containing it’s controls, self-assessment and providing 3rd party certification assists. 2. Assess IT change request ticket impact and risk assessment, and assist/execute related changes and tasks. 3. Implement a record logging system (ELK stack) which are logs generated from Microsoft 365 management activity API, infra-equipment, and services events to monitor, analyze, discover and notify potential risk events and prevent exploits. (Technical Stack: Elasticsearch, Logstash, Kibana, Winlogbeat) 4. Publish IT/cybersecurity-related articles internally, develop training materials and conduct security awareness training for colleagues. 5. Track security-related news (Equipment provider, TWCERT/CC, Cybersecurity community, social media), laws, and regulations (Cyber Security Management Act, Personal Data Protection Act). Develop solution proposals for the implementation of compliance and operational requirements, as well as optimization measures. 6. Maintain information system confidentiality, integrity and availability as follows - Network： Cisco SW、Fortinet & Palo Alto FW、VPN - Communication： Cisco Unified Communications Server Farm、Webex、Microsoft Teams - Server： ERP systems(Digiwin Workflow、Aras OpenPLM) , Windows AD/Azure AD Hybrid deployment、DNS、DHCP、NAC/NAS(Network Access Server)、Anti-Virus Console、Gitlab、Crestron Fusion、ELK Stack、OpenAudIT、WAF、IPS、DLP、RootCA - Web server： IIS、Tomcat、Nginx(Reverse Proxy) - SaaS： Microsoft 365 Global Admin、Elastic Cloud 1. 啟動、規劃、實施、監測資訊安全策略與控制措施確保組織處於合適的資安風險並與組織經營管理目標一致。（實施 ISO 27001 資安框架、ISO 27002 控制措施、ISO 27005 風險評鑑、IEC 62443 工控系統安全框架）。導入ISMS管理系統及其控制措施、完成自評及提供第三方驗證協助。 2. 處理組織內部一切資訊需求申請單之風險與衝擊評估，並執行或協助其相關變更或任務執行。 3. 建構紀錄存錄系統（ELK stack）紀錄 Microsoft 365 management activity API、資訊基礎設施、服務等事件，進行監視、分析、探索與通知潛在風險事件與漏洞預防。 4. 提升組織內部人員資安認知，包括內部電子報投稿、文件撰寫、資訊安全講座等。 5. 持續自設備供應商、TWCERT/CC、社群媒體等來源追蹤資訊安全最新訊息，研習法規、標準之內容與變更，主動依組織合規性需求，提出與執行相對之應對方案。 6. 資訊服務機密性與可用性管理 - 網路系統：Cisco SW、Fortinet & Palo Alto FW、VPN - 通訊系統：Cisco Unified Communications、Webex、Microsoft Teams - 伺服器：ERP systems(鼎新 Workflow、Aras OpenPLM), Windows AD/Azure AD Hybrid deployment、DNS、DHCP、NAC/NAS(Network Access Server)、Anti-Virus Console、Gitlab、Crestron Fusion、ELK Stack、OpenAudIT、WAF、IPS、DLP、RootCA - 網站伺服器：IIS、Tomcat、Nginx(Reverse Proxy) - SaaS：Microsoft 365 Global Admin、Elastic Cloud 【 IT Related 資訊相關 】 1. Manage and collaborate on a digital transformation program with SI to introduce and develop an advanced ERP system. (System Module: Contract payment, procurement cycle and project management related) 2. Develop ISMS forms and reporting service on ERP system to expedite e-approval and communication efficiency. (Technical Stack: C#, SQL, PowerShell) 3. Manage IT assets, lead infrastructure, hardware, software, IT service, license, etc. requirements assessment, procurement, and asset inventory. 4. Coordinate information systems stockholders' needs and evaluate the appropriate solution to achieve most requirements. 5. Manage and maintain IT facilities such as databases, web servers, network/communication equipment, and office equipment. Provide guides and troubleshooting for any stakeholder. 1. 協同數位轉型計畫，與系統整合商導入新一代 ERP 系統拓展既有鼎新 Workfow ERP 功能，包括合約付款明細展算、請付款單自動化、採購循環、專案管理相關系統模組開發、開發技術移轉。 2. 整合 ISMS 四階表單至 ERP 系統提升電子簽核與溝通效率(相關技術：C#、JS、Html、Aras Framework) 。 3. 資訊資產管理，主導資訊基礎設施、硬體、軟體、資訊服務、授權等需求評估、請購與資產盤點。 4. 協調資訊系統利害關係人需求並協助評估適切解決方案。 5. 管理並維護資訊設施(如資料庫、網站、網路通訊設備、辦公設備等)，提供使用者相關使用指引並協助技術問題排除。

1. Formed local IT infrastructure, performed daily system health checks, addressed issues, and documented results, including maintaining systems performance and troubleshooting outages aligned with Stantec procedures. 2. Execute government information bids from EPA/BOE/IDB, develop large information management systems, supervise schedules, and focus on performance and cybersecurity to review codes from other engineers. (Technical Stack: C#, Vue.js, SQL, Reporting service, PowerBI, IIS, Windows Server, Gitlab CI/CD, OWASP) 3. Manage and maintain IT facilities such as video conference equipment, IP phone, printers, and projectors. Provide guides and troubleshooting for any meetings & users. 1. 組建大中華地區資訊基礎設施，執行日常系統狀態檢查、解決問題並記錄結果，包括系統效能維護和故障排除以符合 Stantec 程序。 2. 執行政府資訊標案(環保署、能源局、工業局)相關工作，包括大型資訊管理系統開發、專案進度管理、允收品質管理(效能、資安風險)，主要負責系統架構開發、程式碼審查。(相關技術：C#, Vue.js, SQL, Reporting service, PowerBI, IIS, Windows Server, Gitlab CI/CD, OWASP ) 3. 管理並維護資訊設施(如會議設備、IP電話、事務機、投影機等)，提供會議室或使用者相關使用指引並協助技術問題排除。