Function: Technology Services, Global Cybersecurity
Travel Required: Minimal (10%)
Open for Referrals:

Position Overview:
The Regional Cybersecurity Manager at Costa coffee China will be a part of the Global Cybersecurity function under the Regional Information Security team. In this role you will support the security initiatives to improve the security posture of the Costa China business. The successful candidate will deliver this mission by understanding the Global Cybersecurity strategy and roadmap and executing it through cross-functional collaboration across Technology Services’ Global Delivery, Global Cybersecurity, Privacy and Security Operations. The successful delivery of your responsibilities will ensure that the programs, services and solutions within the Company are delivered securely to achieve their business goals. The position will report to the Global security manager for Costa and will work closely with the local and global IT teams.

Function Specific Activities:
Function Related Activities/Key Responsibilities


Operating Unit Support
Support and maintain relationships with key IT and business leadership and stakeholders across supported business units.
• Monitor compliance to security standards and policies. Define remediation plans for gaps and work with local and global teams to ensure ongoing compliance.
• Define and supply metrics to monitor security posture of Costa China.
• Responsible for the management of the China security assessment process, including scanning, reporting and vendor management.
• Promote company security requirements and guidelines to IT stakeholders and ensure they have the knowledge to apply them appropriately.
• Understand and communicate key Global Cybersecurity activities across supported business units, such as cybersecurity awareness and incident response.
• Understand and support key business and IT strategies across your supported business units.
• Understand and support the delivery of key applications and programs within your supported business units.
• Support regional regulatory requirements: MLPS, CAC submissions and state cyber security drills.

Corporate Liaison
• Develop and maintain relationships with key IT and business leadership and stakeholders at GCM.
• Understand and support key business and IT strategies in TCCC’sCosta’s Digital & Technology Services and Global Cybersecurity and facilitate alignment across the operating unit.
• Understand and provide support on technological requirements of data privacy regulations applicable to the in-scope operating units.

Education Requirements:
• Bachelor’s Degree in Computer Science, Computer Engineering or other appropriate field.
• Relevant industry certification preferred –CISSP and/or CISM, CISA, and other established security-related certifications. Azure-related Professional Certifications and/or MCSE: Cloud Platform and Infrastructure. Privacy-related certifications are encouraged.

Related Work Experience:
• 6 to 9 years of work experience in governance, risk, compliance and cloud security or relevant related field. Of the accumulated work experience, preferable to have at least 3 years of cloud (e.g. Azure, Alicloud, Aws) operation support working experience. Cloud administration certification is preferred.
• Work experience and familiarity with China cybersecurity and data security / privacy regulatory requirements, including but not limited to Multi-level Protection Scheme (MLPS) certification, cross border data security attestation, cybersecurity inspection and others.
• Familiarity with the leading cloud technologies, e.g., different AI solutions, IOT, HDInsight, , DB PaaS, cloud storages etc. In particular, technical understanding of Microsoft Azure security, AI, and infrastructure would be preferable.
• Technical experience designing, implementing, and/or supporting enterprise technology solutions.
• Technical experience identifying and mitigating risk using comprehensive security controls and technologies.
• Native Chinese speaker, good command of the English language.

Functional Skills:
• Participate in cross-functional teams to promote technology strategies, analyze and test products, or perform pilot and first implementations of new technologies in order to integrate new technologies into the Company's Global infrastructure.
• Deliver standards-related training or architecture updates (e.g., hardware, methodology, software packages, business data, security, retention, delivery methods and tools) to stakeholders (e.g., stewards, custodians, application teams) in order to ensure standards compliance and quality master data.
• Create a communications plan (e.g., memos, letters, plan review meetings, status lists) to ensure frequent, accurate and timely communication to all stakeholders and to solidify commitment to the project plan.
• Perform and evaluate risks of cybersecurity-related observations arising from security activities including security and vendor assessments.
• Prepare overall implementation plans, including a detailed schedule of all activities (e.g., data conversions, cutover activities, security assignments, training, testing) and the assignment of appropriate resources, in order to move the application into a production environment.

Job Requirements:
Education: bachelor’s degree or University.

Growth Behaviors:
• GROWTH MINDSET: Demonstrates curiosity. Welcomes failure as a learning opportunity.
• SMART RISK: Makes bold decisions/recommendations.
• EXTERNALLY FOCUSED: Understands the upstream and downstream implications of his/her work. Tracks and shares external trends, best practices or ideas.
• PERFORMANCE DRIVEN AND ACCOUNTABLE: Has high performance standards. Outperforms her/his peers.
• FAST/AGILE: Removes barriers to move faster. Experiments and adapts. Thrives under pressure and fast pace.
• EMPOWERED: Brings solutions instead of problems. Challenges the status quo. Has the courage to take an unpopular stance.

其他信息
语言要求：英语
行业要求：全部行业
所属部门：IT