about the company.
A global company
about the job.
1/ Develop and execute security compliance policies and procedures to comply with Chinese cybersecurity regulations and laws.
Build, communicate and monitor the implementation of security policies and standards.
Keep track of government laws and regulations in order to update the policies and procedures accordingly.
...
Provide security standards to 3rd-party connected projects, explain Company policy and monitor the applicability of controls.
Leverage external expertise to enhance in-house security competence and toolbox.
2/ Ensure the security of digital assets, conduct regular internal audits and implement actions.
Set up the development, deployment and execution of controls and defenses to ensure the security and risk mitigation of company infrastructure technology, information systems and digital tools.
Work with experts to identify cybersecurity architecture, goals, objectives and metrics.
Communicate regularly about security vulnerability reports and monitor remediation.
Provide a toolbox for preventing and resolving vulnerability exposure and information leakage.
Lead on actions with the united S&T teams when there is a security emergency.
Perform vendor assessments to identify 3rd-party risks.
3/ Analyse business needs and evaluate business impact on security.
Coach the product team to analyze business needs and priorities for the protection of systems, especially critical systems.
Establish and reinforce teams to implement operational policies and appropriate standards and criteria for hardware, software, email and web firewall, access verification and encryption requirements.
Evaluate potential business impacts from security breaches and provide strategic and tactical guidance to business decision-makers.
4/ Educate company employees and accompany digital product teams to ensure the right level of security awareness.
Ensure the Employee IT Charter (“EIC”) for Company China is updated and implemented.
Provide a security skill matrix for employees and digital product teams to empower self-learning and self-evaluation.
Communicate regularly with the management team regarding our security competence level.
5/ Join the Company's united security community to align on security guidelines and policy.
Mission defined by CISO: Mission RSO Country
Participate actively in the security community to ensure the security strategy is aligned and information is transparently shared.
Synchronize and share China-specific local cases, and ask for advice when necessary.
skills and experience required.
Main know-how
Familiar with Cloud Engineering and Ecosystem.
Code Management and Code Intellectual Copyrights Protection
DevSecOps Methodology
Definition of China Cybersecurity and understanding of GDPR (Europe)
ISO/IEC 27001 security process control
Risk impact analysis and control
Project roadmap
Data properties, Data processing procedure, Data transmitting
Infrastructure
Definition of Personal Information Collection and China Data Classification
Software Development Life Cycle (SDLC)
Business Continuity and Disaster Recovery Plan