Strategic purpose of the position:
1361 Lead the security within Carlsberg China, moreover, ensure Carlsberg China business is adequately protected toward both China specific security regulatory as well as develop solutions in line with group security policies.
61 Responsible for devising a strategic approach to all aspects of security within the China in collaboration with the Director, Group Information Security and Senior Security Architect Asia
61 Deliver security advisory to the local market
61 Assist and support the China Management Team including his/her superior Senior Director IIT China.


Job responsibilities:
1361 Implementation of global processes of information security standards and policies at the regional and country level, provision of an information security control environment in accordance with the requirements of the Carlsberg group.
61 Participation in global information security projects.
61 Development and implementation of the necessary regional information security policies in accordance with local legislation. Participation in the development of regional and local IT processes, technologies, products.
61 Information support of business units on information security issues and the required level of maturity of the control environment.
61 Cooperate with teams to analyze and evaluate the information security risks of the network, system, authority, data, etc, explore the security vulnerabilities of the information system, identify the potential threats to the information security in the operation process, and follow up various rectification and optimization measures.
61 Responsible for daily information security incident response, assist security investigation and incident follow up.
61 Support the Security operations centre to identify the causes of information security incidents, carry out the necessary expertise and consultations.
61 Evaluate new services and products,
61 Assist in planning the necessary training for company employees in the field of information security
61 Develop and present to management the necessary policies, regulations and instructions


Competencies:
1361 Solid decision maker. Make complex decisions independent of supervisor input, based on proven expertise or knowledge.
61 Apply analytical skills effectively when analysing solutions, incidents or processes. Willing to apply decision-making skill based on own independent analysis.
61 Experienced when it comes to changing organisational processes when security is needed to meet regulatory requirements.
61 Continuous self-learning to maintain currency in rapidly developing technical field.
61 Develop and sustain collaborative working relations internally with individuals and groups, and externally with security authorities.
61 Knowledge of the requirements of legislation and government agencies in the field of information processing and protection, state, commercial secrets and personal data processing.
61 Ability to analyze information flows, information processing systems, technical IT solutions for possible risks of technical failure, external influences with the aim of theft or destruction.
61 Ability to design and implement measures to manage information security risks, including SoD risks, third-party access, remote access, administrator and privileged user access.
61 Knowledge of technical solutions used in the field of information technology, and appropriate tools and methods for protecting information.
61 Ability to analyze business processes, formalize requirements for them in terms of information security, identify inherent risks and areas of possible improvement.
61 Experience with security policy, standards and control definitions, including ITGC. Strong knowledge of current and emerging cybersecurity risks as well as innovative risk management techniques.
61 Bachelor’s degree in information security or similar. Preferably, more than 10 years of experience in a large international company with similar position.
61 Familiar with ISO27001, NIS or NIST information security related standards, information system security level protection and other information security policies and regulations. CISP, CISSP and other industry qualification certificates are preferred.
61 independent travel within the country and occasionally beyond.