about the company.
A Global MNC retail company
about the team.
A global reporting team
about the job.
• Lead the development, update, and maintenance of data protection and information security policies, standards and procedures to conform to internal best practices and local cybersecurity laws / regulations.
...
• Serve as the regional information security expert & decision maker regarding the evaluation, procurement, and deployment of security-related products
• Responsible for coordinating, aligning and translating business requirements and security generally accepted practices (e.g., risk-based practices) into security-based project plans and deliverables (e.g., standards, controls, guides, design implementations, runbooks, etc.)
• Define, propose, and coordinate security action plans, including organizational and contractual measures and measures related to applications, infrastructure and IT services.
• Coordinate with internal stakeholders at all levels as well as with external vendors for daily security operations, including but not limited to access control, data classification, backup, encryption, etc.
• Ensure that data protection and information security risks are appropriately addressed, including performing information security risk assessments of infrastructure or application implementations for new projects or modifications to existing technology, and coordinating comprehensive risk/impact assessments (e.g. security controls implemented, data protection, access control, cross-border data transfer, data sharing and disclosure, sensitive personal information processing, etc.).
• Review periodic security risk assessment results and ensure timely completion of remediation activities.
• Coordinate completion of information security & privacy awareness training.
• Lead data and security incident investigations and prioritize incident handling; report to the authority on data and security incidents as required.
• Work closely with information security team members & peers in the global organization.
skills and experience required.
• Education: Bachelor's degree or above in Engineering or equivalent; a major in Computer Science, engineering, or information security is preferred.
• Experience: Minimum 10 years of IT experience, of which 5 years in IT Security; experience serving the automobile industry is a plus.
• Stay current on solution vulnerabilities and provide tailored security recommendations to maximize business usability and solution security.
• Thorough understanding of information security frameworks such as NIST CSF, ISO-27001 and / or NIST 800-53, or equivalent.
• Comprehensive understanding of data governance and familiarity with data security systems and technology. Experience in establishing data protection and information security systems, including data security governance, information security management, personal information protection, etc., is preferred.
• Understand key cloud architecture principles, APIs, as well as appropriate enterprise data handling practices.
• Solid understanding of Identity & Access Management principles, Endpoint Security, Data Protection standards, network security technologies & application security.
• Good understanding of Operating Systems including Windows, Linux, iOS, Android, etc.
• Guide root cause analysis, debugging, support, and post-mortem analysis for any service interruptions.
• Fluency (written, spoken and read) in Mandarin Chinese and English; the ability to understand and translate technical documentation from Mandarin Chinese to English, and vice versa, is required.
• Proven knowledge of domestic and foreign data protection and information security compliance requirements, and familiarity with the laws and regulations related to cybersecurity, data security and personal information protection.
• Strong communication and teamwork skills; able to communicate effectively with cross-functional teams and vendors. Both written and oral communication are critical.
• High energy level, comfortable performing multiple projects in conjunction with day-to-day activities.
• Ability to work under pressure and with multiple stakeholders.
• Superior interpersonal abilities. Ability to get along with diverse personalities, tactful, flexible.
• Ability to tactfully and effectively work on confidential matters.
• Certifications: Information security related certification (e.g. CISP (Certified Information Security Professional), CISSP, CISM, CISA, ISO27001, ITIL) is desirable but not a must.
• Ability to work flexible hours.
• Retail company experience is a plus.