【In this role, you have the opportunity to】

As Information Security Officer, you are the responsible expert in your designated business, market and functions for all activities related to information and services security, both internally within the Enterprise, and for the services we deliver to our customers.

The Information Security Officer works across various environments, markets and business teams to maintain and expand a world-class capability and culture around information & service security and ensures that formal regulations and certifications are kept up to date and adhered to.

【Key Responsibilities】

(1)Security Leadership

1. Support/localize information & service security awareness, training and education programs.
2. Support, create, approve and embed information/service security policies, adaptions, and standards.
3. Establish & deliver centralized reporting within the company, and to the business markets on the effectiveness of the information & service security function and its performance against strategic objectives.

(2)Information & Services Security Management:

1. Creating products & services security strategies, both short-term and long-range, in support of the business goals.
2. Identify product/services security requirements throughout the Product Development Lifecycle Management and work with other teams as necessary to provide mitigation and cost/benefit analysis.
3. Directing an ongoing, proactive product & services security risk assessment program so effective controls can be put in place for those areas presenting the greatest information security risk. Communicating risks and recommendations to mitigate risks to the senior management.
4. Supporting businesses in maintaining external business certifications and compliance with other (international) guidelines for information security.
5. Assisting with business internal audits and overseeing and guiding external audits related to its products and services in the markets.
6. Engage with business, markets and functions to identify improvement opportunities across secure foundation, information protection, and secure access to business information/assets, threat / incidents response capabilities and vulnerabilities mitigation.
7. Drive local business on the implementation of ISMS (High level controls and Technical Baselines), gather information and assess risk together with the team.
Support the embedding of Information Security (e.g. ISMS, client requirements, Technical Baselines) within business/markets/ functions operations and various environments.

(3)Security Incident Management

1. Respond to and investigate information security incidents and breaches in order to reduce/contain potential damage; act as liaison with relevant regulators and/or enforcement agencies in relation to information security matters.
2. Report information security incidents according to internal information security guideline; work with country ISO to manage the risk related to the new incident if required.

(4)Security Audit

1. Undertake information security review in businesses and functions to ensure compliance with internal policies and external regulations, and perform annual audit.
2. Inform country ISO on any Internal and External Audits; manage the information flow and responses to the audit reviews.

【Key Requirements】

1. Minimum of 4 years in service/information security or risk management and/or related functions (such as IT audit, IT Risk Management and IT Compliance)
2. Excellent knowledge of ISO27001/2 and China Cybersecurity Laws
Information security management or audit qualifications such as CISM/ CISSP/ CISA/ CRISC
3. Experience in the creation and enforcement of information security (including the sensitivity to establish a risk based view on compliance), including compliance reporting
4. Strong interpersonal skills – communication, presentation, ability to influence and lead
5. Ability to work within a multi-function, multi-discipline team environment with strong influencing, management and communication skills
6. English fluency
7. Willingness to travel as needed

其他信息
语言要求：英语