Position Summary
As a Security Professional in our multinational company, you will be at the forefront of safeguarding our data assets. You will be responsible for establishing and managing comprehensive security governance frameworks, leading certification efforts to ensure compliance with international standards, enabling business security, and engaging in audit processes. This role requires you to collaborate closely with cross-functional teams, including IT, legal, other supporting functions and business units, to identify and mitigate security risks, and to ensure that our data-driven business operations are secure and compliant. This role is a member of the China security team, which is an affiliated group of corporate information security (CIT-I). He or she will drive security enhancement across local entities and reports to the Information Security Officer in China, with a dotted line to the corporate information security team.
Main Tasks
Security Governance:
● Develop and implement a comprehensive security governance framework that aligns with global business strategies and regulatory requirements.
● Define security policies, procedures, and standards, and ensure their effective communication and adoption across the organization.
● Establish security roles and responsibilities and promote a security-aware culture within the company.
Collaboration and Enablement:
● Work closely with IT, legal and other teams to integrate security requirements into system development and operations.
● Collaborate with legal and compliance teams to ensure that security practices are legally compliant.
● Provide training and awareness programs on security governance, certification, and audit requirements to employees across the organization.
Certification Management:
● Lead the company's efforts in obtaining and maintaining security certifications, such as MLPS, CBDT, PIP Certification, ISO 27001, SOC 2, etc.
● Coordinate with internal teams and external stakeholders, prepare necessary documentation, and address any non-compliance issues identified during the certification process.
● Stay updated on changes in certification requirements and drive continuous improvement to maintain compliance.
Audit Management:
● Oversee the planning, execution, and reporting of security assessments. Develop mitigation plans based on risk assessments and ensure they cover all critical data assets and business processes.
● Analyze audit results, identify areas of weakness, and recommend and track the implementation of corrective actions. Collaborate with IT and business units to resolve audit findings and improve security controls.
Requirements
Education
● Bachelor’s degree or above in information security or a related field. A master's degree is a plus.
● Certifications such as CISSP, CISA, or other professional qualifications are highly desirable.
Experience
● Minimum of 5 years of experience in related fields. At least 3 years of experience in security governance, certification projects, or audit management.
● Proven experience in multinational companies, especially in the personal consumer goods industry, is preferred.
● Familiarity with worldwide security regulations and standards like GDPR, NIS2, MLPS, ISO 27001, etc.
Other skills
● Excellent communication skills, both written and verbal, in English and Mandarin, to effectively communicate with teams across different regions and functions.
● In-depth knowledge of security certification requirements and processes.
● Strong leadership and project management skills to drive complex security initiatives. Ability to analyze complex security issues and develop effective solutions.