Position Summary
This role is a member of China security team, which is affiliated group of
corporate information security (CIT-I), and functionally dedicates to Business
Security Enablement. He or She will base in Guangzhou office and drive security
enhancement across local entities and reports to Information Security Officer
in China and dotted (functional) reports to Head of Corporate Business
Information Security Enablement.
As a Business Information Security Expert, this role must launch and sync the
overall security strategy by enterprise (CIT-IB) or business units in region.
This role will provide both direct and indirect mentorship, culture, security
education and technical guideline for a diverse group of security professionals.
This role will manage the overall security engineer program in Great China,
particularly Guangzhou, Shanghai, and Suzhou. This position is responsible to
ensure that our digital transformation is secure and resilient for product and
production.

Requirements
Education
· Bachelor’s degree in information systems, Computer Science, or related
field. Advanced degree is a plus.
· Certifications such as CISSP, CISM, CRISC or CISA are highly beneficial.
Experience / 经验
· 5+ years of experience in information technology, with at least 2 years in
a security and privacy role.
· Experience working in a multinational corporation.
· Proven experience in a managerial role within business information security.
· Proficient in vulnerability management (e.g., OWASP, CVE, FIRST, etc.) to
effectively assess and mit-igate risks.
· Familiarity with security technologies such as SIEM, DLP, and IAM
· Knowledge of vulnerability management, Pentest, and other risk
methodologies.
· Understanding the software supply chain by SecDevOps including SAST, SCA,
IAST, DAST.
· Understanding security governance of new technology such as AIGC
· Familiar with modern SecDevOps software development operations and Agile
Software techniques.
· Familiar with cloud Security and latest new technologies
· Align with technological Systems/Software Development Life Cycle (SDLC)
processes and industry-standard service management principles (such as ITIL) is
preferred.
Other skills
· Strong decision-making skills with a proven ability to take ownership.
· Strong understanding of information security principles, industry standards
and best practices.
· Strong knowledge of information security best practices, standards, and
frameworks (e.g., MLPS, ISO 27001, NIST, etc.).
· Excellent communication, interpersonal and leadership skills is mandatory.
· Both written and verbal, in English and Mandarin.
· Compliance practice of business and legislation (e.g., medical device, IoT
and etc.) is a plus.

Main Tasks
· This role will manage the overall security engineer program in Great China,
particularly Guangzhou, Shanghai, and Suzhou. This position is responsible to
ensure that our digital transformation is se-cure and resilient for product and
production.
· Ensure alignment of Corporate InfoSec policies with business objectives and
enable the Business to implement the strategic agenda with security by design.
· Serves as an Information Security subject matter expert and participates in
the development, im-plementation, and maintenance of information security for
the line of business.
· Enable Business centric InfoSec capabilities (Organization, Processes &
Technologies) that facilitate security engineer community.
· Coordinate initiatives and create synergy and standardization around
Business InfoSec.
· Drive security needs within technology back to the business in the form of
day-to-day operations.
· Direct security initiatives within the division or business unit that will
be led by the corporate busi-ness security department (start to finish).
· Establish with the business unit priorities specific to information
security duties that run parallel to business objectives, capacity, and funding
so there is broad commitment and engagement.
· Manages security control and reporting to ensure compliance with policies
and laws.
· This role will provide both direct and indirect mentorship, culture,
security education and technical guideline for a diverse group of security
professionals.