Principal, Information Security Analyst
Security & Privacy Audit and Certification team has a mission to ensure business safety and customer trust by assessing and improving potential security and privacy risks by auditing whether all activities within the organization comply with internal security policies and related laws and regulations. for this, needs to have an understanding for Coupang business relevant laws and regulations and as well as a broad knowledge and experience on various certification system such as ISO27001, K-ISMS and K-PIMS. Based on this, internal security audit and external security audit response should be performed.
● Establishment and implementation of internal security audit framework
● Establish audit planning and execution including security and privacy
● Suggesting improvements or alternatives for deficient identified through audit.
● Explain audit findings to developer or users and make practical recommendations.
● Improvement to risk management methodology and identification, evaluation and treatment for risks
● Management of security related certification and respond certification audit
● Bachelor’s Degree is required.
● More than 10 years of security audit experience
● High-level technical experience and understanding of IT infrastructure, service and cloud environment
● Experience with cloud service-based security auditing
● Ability to high quality create report
● Communication skill
● High level understanding of acts, security policies
● Experience of compliance response
● Over 5 years of ISO27001, ISO27017, ISO27018, ISO27701, ISO29100 certification management experience and clear understanding of certification requirements
● Experience in PCI-DSS certification
● High level of experience and understanding of the AWS environment
● Problem improvement and suggestion ability
● Ability to review business process and identify and improve issues
● Experience with security risk management
● Understanding and experience of Korean law
● Security certificate holders (CISA, CISSP, CCSP, ISO27001 Auditor, Other)