Position Summary
As a Data Security Expert in our multinational personal consumer goods company, you will be at the forefront of safeguarding our data assets. You will be responsible for establishing and managing comprehensive data securi-ty governance frameworks, leading certification efforts to ensure compliance with international standards, and overseeing audit processes. This role requires you to collaborate closely with cross - functional teams, including IT, legal, and business units, to identify and mitigate data security risks, and to ensure that our data - driven business operations are secure and compliant.
This role is a member of China security team, which is affiliated group of corporate information security (CIT-I). He or She will drive security enhancement across local entities and reports to Information Security Officer in China, and dotted line to corporate information security team.
Requirements
Education
- Bachelor’s degree or above in information security, computer science or a related field. A master's degree is a plus.
- Certifications such as CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), or CISM (Certified Information Security Manager) are highly desirable.
Experience
- Minimum of 5 years of experience in information security or related fields. At least 3 years of experience in security governance, certification projects, or audit management.
- Proven experience in multinational companies, especially in the personal consumer goods industry, is pre-ferred.
- Familiarity with global data security regulations and standards like GDPR, MLPS, and ISO 27001, etc.
Other skills
- Excellent communication skills, both written and verbal, in English and Mandarin, to effectively communicate with teams across different regions and functions.
- Strong understanding of data security governance principles, models, and best practices.
- In - depth knowledge of data security certification requirements and processes.
- Strong leadership and project management skills to drive complex data security initiatives. Ability to analyze complex data security issues and develop effective solutions.
Main Tasks
Data Security Governance:
- Develop and implement a comprehensive data security governance framework that aligns with global business strategies and regulatory requirements.
- Define data security policies, procedures, and standards, and ensure their effective communication and adoption across the organization.
- Establish data security roles and responsibilities and promote a data - security - aware culture within the company.
Collaboration and Training:
- Work closely with IT, legal and other teams to integrate data security requirements into system develop-ment and operations.
- Collaborate with legal and compliance teams to ensure that data security practices are legally compliant.
- Provide training and awareness programs on data security governance, certification, and audit require-ments to employees across the organization.
Certification Management:
- Lead the company's efforts in obtaining and maintaining data security certifications, such as MLPS, CBDT, PIP Certification, ISO 27001, SOC 2, etc.
- Coordinate with internal teams and external auditors, prepare necessary documentation, and address any non - compliance issues identified during the certification process.
- Stay updated on changes in certification requirements and drive continuous improvement to maintain compliance.
Audit Management:
- Oversee the planning, execution, and reporting of data security audits. Develop audit plans based on risk assessments and ensure that audits cover all critical data assets and business processes.
- Analyze audit results, identify areas of weakness, and recommend and track the implementation of correc-tive actions. Collaborate with IT and business units to resolve audit findings and improve data security con-trols.