Summary

• The China IS Security Manager is accountable for managing and guiding IS security activities in collaboration with Corporate IS management to ensure that IS security of COMPANY China is implemented in compliant with China Cyber Security Law (CSL) requirements as well as in consistent with corporate's IS security strategy.
• This includes cyber security policy and procedure development, security risk assessment, awareness and training support, security reporting, security designing and review for IT project delivery, change management, incident management, emergency plan and security related vendor management.
• The China IS Security Manager is a leader who understands working in an operational environment and is strategic in nature. The position engages in ongoing efforts to inform and guide the implementation of security that align to the set standards and information security laws and regulations.
• The China IS Security Manager serves as a subject matter expert in the security disciplines: security governance, secure development and security operation.

Requirements

• Provide input to the Corporate cyber security strategy to align with China's Cyber Security Law (CSL)
• Support development and updates of policies, standards, procedures and guidelines
• Support development and coordination of COMPANY China information security awareness and training programs
• Perform and review risk assessment:
• Perform risk assessments and review of cyber security to comply with China's CSL
• Perform risk assessments and reviews on cross border data transfer to comply with China's CSL
• Manage and oversee information security regulatory compliance efforts, including MLPS self-assessment & grading, reporting, etc.
• Lead and coordinate IT crisis management, government affairs and cyber security reporting with applicable government sectors
• Provide security advice and support implementation across IS projects
• Perform and provide China-specific security review and clearance for IS project deliverables
• Provide China-specific security requirements for IS operations facility maintenance, including the datacenter, door security & camera system, Uninterrupted Power Supply (UPS), air condition system, etc.
• Provide security requirements as part of IT vendor management
• Perform network equipment and security product verification in procurement process to comply with China’s CSL
• Manage security incidents through investigation to resolution in accordance with COMPANY’s incident management process, and report and communicate security incidents internally or externally, where necessary
• Perform security reviews of change requests and verify appropriate change management documentation
• Provide China-specific security requirements for IS operations hardware maintenance, including network infrastructure, servers, workstations, etc.
• Support and coordinate with local IS operation and Corporate IS for vulnerability management, access control, log management, back up, and emergency plan
• Cooperate with COMPANY Corporate IS Security to ensure cyber security in China align with Corporate IS security requirements

Qualifications

• Bachelor’s degree
• 5-10 years' experience in information systems with large, complex organizations
• 5 years’ experience in information security, control and governance
• In-depth current knowledge of China’s CSL, regulations and data protection requirements
• Advanced understanding of policy frameworks (ISO, COSO, COBIT, ISF, and others)
• Effective client management skills, including interacting and communicating with business partners, consolidating requirements and translating them into IS deliverables, as well as establishing Key Performance Indicators (KPIs) and service levels to improve the client experience
• Capable of playing a leadership role in conducting information asset value assessments
• Fluent communication skill in English; specially communication experience with authority government and for internal and external customer service

上班地址：太子路