Eric J Sun

Experience

• 

  Huai'an Customs

  Aug 2004 - Jul 2005

  Customs Officer
• 

  Siemens IT Solutions and Services

  Aug 2005 - Jun 2011

  Consultant

  1.ISO27001 Internal Auditor Conduct yearly internal audit of IT Security Management System based on requirements from ISO27001 for SIS China from 2007 to 2010. Responsible for evaluation of effectiveness and efficiency of IT security management system, checking status of implementation of ITSM according to ISO27001 checklist, preparation of missing documents, assisting security manager for risk management and facilitating the organization to pass external supervisory auditing.2.SOA404 IT Internal AuditorAs a specialist in the area of SOX(Sarbanes-Oxley Act), conduct yearly Sarbanes-Oxley Act (SOX) 404 internal IT audit from 2006 to 2010 for three internal units covering IT governance, application hosting and IT infrastructure.responsible for evaluation of applications, analysis of processes and related documents (Annex2), setup of control sets (Annex3), assessment of IT control environment (Annex4),internal testing, documentation of all testing results, proposal of remediation, follow-up of process improvements, coordination of external auditing. Show less

• 

  Atlas Copco (Nanjing) Construction & Mining Equipment Ltd.

  Jul 2011 - Apr 2018

  Business Area Security Officer

  Takes care of IS/ IT security within business area and is a member of the Corporate IT Security Council. The council has the authority to enforce the compliance of the policies and standards related to IT security and is also responsible for monitoring, throughout all Atlas Copco businesses and report deviations to their manager. Detailed responsibility includes: - Implement and enforce the group IS/ IT security policies and procedures. - Update and develop new security procedures within operations and application development. - Follow-up and perform regular IS/ IT security audits to assure compliance of the IS/ IT security. - Review and real life testing of disaster recovery plans. - Promoting and leading IS/ IT security awareness programs and provides training for all employees. - Monitor internal control systems to ensure that appropriate information access levels and security clearance are maintained. - Performing information security risk audits. - Serving as an internal information security consultant following the group IS/ IT security strategy. - Monitoring changes in legislation and accreditation standards that affect IS/ IT security. - Reviewing all system-related information security plans throughout the organization's network, and acting as liaison to the Group Chief IT Security Officer. - Implement the AC security framework and lead projects to implement security solutions in business area. The implemented solutions include data leakage protection (DLP), Single Sign-On (SSO), Mobile Device Management (MDM) Show less

• 

  Epiroc (Nanjing) Construction & Mining Equipment Ltd

  May 2018 - now

  Regional IT Manger, North East Asia