Job Description

• Solid knowledge and hands-on experience in managing data security and privacy protection-related tasks
• Supporting the design, build, and implementation of enterprise-wide information security governance and reporting;
• Policy and standards development, technology risk assurance, and regulatory management;
• Employees' information security awareness training

Concerning new business initiatives:

• Actively advise, assess, and lead business and IT partners in the development of security controls and solutions to ensure IT risk for the company;
• Work directly with the business units to facilitate risk assessment and risk management processes;
• Partner with business stakeholders across the company to raise awareness of risk management concerns.

Job Requirements (Qualifications)

• Bachelor's degree or above.
• Minimum 5 to 7 years of full-time work experience in information security and technology risk management or other relevant areas.
• Solid knowledge of the key concepts of the China regulatory requirements related to:
  o Cybersecurity Law, Personal Information Protection Law, and Data Security Law;
  o Financial industry information security regulations;
  o Personal information protection and important data security;
  o Cross-border data transfer security assessment
• Hands-on experience with information security and technology risk governance and management framework implementation
• Hands-on experience with facing China financial industry regulators' inquiries is desired
• Hands-on experience with the PCI DSS assessment is desired.
• Strong understanding of information security and technology risks and controls management concepts and frameworks, including:
  o ISO/IEC 27001, NIST CSF, PCI DSS, China Classified Protection of Cyber Security, People’s Bank of China Cybersecurity Standards of Financial Industry, as well as the associated assessment methodologies in the financial industry.
• Solid team coordination skills with the ability to communicate with senior leaders, technology teams, and business partners to explain complex technical situations.
• Professional certificates such as CISA, CISM, CRISC, CIPP/E (or similar), and CIPM are preferred.