Position Summary
This role is a member of the China security team, an affiliated group of Corporate Information Security (CIT-I) that is functionally dedicated to Business Security Enablement. He or she will be based in the Guangzhou office, drive security enhancement across local entities, and report to the Information Security Officer in China, with a dotted-line (functional) report to the Head of Corporate Business Information Security Enablement. As a Business Information Security Expert, this role must launch and sync the overall security strategy by enterprise (CIT-IB) or business units in the region. This role will provide both direct and indirect mentorship, culture, security education and technical guidelines for a diverse group of security professionals. This role will manage the overall security engineer program in Greater China, particularly Guangzhou, Shanghai, and Suzhou. This position is responsible for ensuring that our digital transformation is secure and resilient for product and production.
Requirements

Education
· Bachelor's degree in Information Systems, Computer Science, or a related field. An advanced degree is a plus.
· Certifications such as CISSP, CISM, CRISC or CISA are highly beneficial.

Experience
· 5+ years of experience in information technology, with at least 2 years in a security and privacy role.
· Experience working in a multinational corporation.
· Proven experience in a managerial role within business information security.
· Proficient in vulnerability management (e.g., OWASP, CVE, FIRST, etc.) to effectively assess and mitigate risks.
· Familiarity with security technologies such as SIEM, DLP, and IAM.
· Knowledge of vulnerability management, penetration testing, and other risk methodologies.
· Understanding of the software supply chain through SecDevOps, including SAST, SCA, IAST and DAST.
· Understanding of security governance for new technologies such as AIGC.
· Familiar with modern SecDevOps software development operations and Agile software techniques.
· Familiar with cloud security and the latest technologies.
· Alignment with Systems/Software Development Life Cycle (SDLC) processes and industry-standard service management principles (such as ITIL) is preferred.

Other skills
· Strong decision-making skills with a proven ability to take ownership.
· Strong understanding of information security principles, industry standards and best practices.
· Strong knowledge of information security best practices, standards, and frameworks (e.g., MLPS, ISO 27001, NIST, etc.).
· Excellent communication, interpersonal and leadership skills are mandatory, both written and verbal, in English and Mandarin.
· Compliance practice of business and legislation (e.g., medical device, IoT, etc.) is a plus.
Main Tasks
· This role will manage the overall security engineer program in Greater China, particularly Guangzhou, Shanghai, and Suzhou. This position is responsible for ensuring that our digital transformation is secure and resilient for product and production.
· Ensure alignment of Corporate InfoSec policies with business objectives and enable the Business to implement the strategic agenda with security by design.
· Serve as an Information Security subject matter expert and participate in the development, implementation, and maintenance of information security for the line of business.
· Enable business-centric InfoSec capabilities (Organization, Processes & Technologies) that facilitate the security engineer community.
· Coordinate initiatives and create synergy and standardization around Business InfoSec.
· Drive security needs within technology back to the business in the form of day-to-day operations.
· Direct security initiatives within the division or business unit that will be led by the corporate business security department (start to finish).
· Establish, with the business unit, priorities specific to information security duties that run parallel to business objectives, capacity, and funding so there is broad commitment and engagement.
· Manage security control and reporting to ensure compliance with policies and laws.
· This role will provide both direct and indirect mentorship, culture, security education and technical guidelines for a diverse group of security professionals.