Regional IT Infra Security Lead

Responsibilities:

• Develop and implement IT security Policies, Procedures as per the requirement. Work closely with Cyber security team to develop and implement best practices.

• Security operational delivery – Coordinate and participate in change process, escalate security issues towards the service providers, ensure communication towards the local business in incident, service outage/crisis and change cases and execute complaint handling according to the ITIL process. Conduct regular risk assessments & Internal Audits.

• Monitoring, Detecting and Acting upon unwanted traffic by using security tools. Lead investigations and forensic analysis of security breaches. Proactively search for anomalies and security threats. Validate, confirm, and facilitate resolving vulnerabilities. Tuning new alerts with the creating exception for any false positives or risk alleviation for compensating controls. Perform OT asset discovery and do regular CMDB updating.

• Communication – Explain and advise on the IT security services, policies and standards towards the business as well as explain the local business requirements to the vendors for security policies and operation. Keep the site related security information (i.e. site security data) actual for the site(s).

• USB & Portable media control process – Ensure the defined portable media process is enforced. Timely Audit and update of process.

• Firewall Management – facilitate information collection for the local user request on new firewall rule with an approval. Coordinate with global Firewall team for the change implementation on the new firewall rule creation. House keep the firewall to have optimized usage.

• Cyber Security – coordinate in operational IT security cases when required, link to the IT Cyber Security team as contact point and facilitate regular IT Security tasks (i.e. security checklist) for the site(s).

• End Point Security – Ensuring and maintaining EPS on those legacy OS in OT environment. Coordinate with Cyber Security & SOC in any security risks or virus outbreak on this EPS clients.

• Vulnerability & Hardening – participate in system vulnerability and hardening process with Cyber Security team.

• Keeps maintaining security compliancy in local site. Securing system on regular security patch deployment.

• Quality and continuous improvement – Ensure vendor perform and execute according to security requirements and NXP IT procedures for security audits, Four Eyes principle monitoring and other relevant topics, including 8D/3x5Y process.

• Audit & Compliance : Drive end -to -end IT security audit requirements for the Site/ Region. Prepare well defined process and documentation/ Artefacts etc which are necessary for various audit requirement. Participate / represent Audit discussions as Site/ Regional security SPOC.

• Training & Awareness: Work with Global cyber security team & Site IT management to define training materials for each sites. Conduct regular security trainings and perform simulations as per the requirements.

• Collaboration – Work with IT teams to integrate security into system designs and applications. Evaluate and recommend new security technologies and solutions.

• Good knowledge on network & Operating Systems.

Qualifications:

• Bachelor’s degree in computer science, Information Security, or a related field.

• 7+ years of experience in IT security, with at least 2 years in a leadership role.

• Professional certifications such as CISSP, CISM, CISA, or equivalent are preferred.

• Strong knowledge of cybersecurity frameworks, risk management, and compliance requirements.

• Experience with security tools such as SIEM, firewalls, IDS/IPS, and endpoint protection.

• Good understanding of industry regulations and standards such as ISO 27001, NIST, GDPR, and other regional cybersecurity mandates

• Good knowledge on IT infrastructure – Servers, Database & Cloud.

• Hands-on experience in incident response and threat intelligence.

• Excellent problem-solving and decision-making skills.

• Proficient knowledge in English

• Strong communication and stakeholder management abilities.

• Ability to work independently and lead security initiatives across multiple locations.

More information about NXP in Greater China...