Job summary
The (Senior) IT Compliance Engineer is responsible for enhancing the IT compliance of the company’s business and IT operation. In the long term, this position would be heavily involved with Dezan Shira’s external clients for providing IT compliance services as well, once the internal IT compliance situation has reached a high enough standard. Consistent customer care, quality standards, strong communication skill, and knowledge of IT compliance requirements and practices are core competencies for the position. Ability to quickly adapt to changing priorities and fluctuations in workflow are also requirements of the IT Compliance Engineer role.

Principal Responsibilities: (Essential Function)
• Internal compliance management
o Follow the changes and trends in security compliance field and deliver the knowledge and experience through trainings and sharing sessions to internal and external stakeholders
o Coordinating with legal and operational teams to identify compliance gaps and perform improvement actions
o Building internal compliance management process, policy, procedure

• External compliance service to clients
o Identifying the applicable compliance requirements to the company under the context of existing business and IT operation / environment
o Conducting gap analysis against the security and compliance standard requirements and identifying the potential security and compliance of existing practice
o Evaluating the potential risks and locating the solutions for improvement
o Communicating with related stakeholders on the findings and corrective actions needed

• Compliance awareness training
o Conducting and implementing compliance awareness campaigns to all staff and external clients
o Arranging the compliance related training to internal IT / IS team and other key operation teams which involving large size of personal information processing

• IT Audit
o Deeply involving in annual review of ISO27001 and other potential accreditation work
o Taking part in external IT audit project when needed

• Other Information Security related work
o Auditing IT security level of all global offices and managing the information security threats associated with the operational environment
o Reviewing existing IT infrastructure, locating weaknesses on security and developing improvement plans
o Coordinating internal IT / IS team to implement security enhancement and mitigating security risk
o Developing security policies, procedures, and guides
o Developing & reviewing Business Continuity Plan and Disaster Recovery Plan

Job Requirements

Skills
• Be familiar with regulatory environment of China with hands-on compliance experience such as MLPS, privacy management or personal information protection
• Relevant experience in security and privacy law compliance including PIPL, CSL, DSL, GDPR and other IT-related laws, regulations, and national standards
• Experience of IT governance, risk management and control with knowledge of ISO27001, ISO27701. Experience of IT audit will be a plus
• Experience and knowledge of information security management will be a plus
• Good verbal and written communication skills, must be able to use English as working language
• Problem solving skills, organizational skills, and the ability to exercise sound judgment in any customer service scenario
• The selected candidate must be good team player with self-motivation and have the ability to work independently with minimal direction
• Willingness to travel and work beyond office hours in case of any urgent and important incidents

Education
• Bachelor in IT or related discipline
• Any certificate of CIPT / CDPSE / DPO / CISA / CISSP / ISO27001 will be a plus

Experience
• 3-5 years of experience in IT, with at least 2 years focus on compliance or information security
• Working experience in multi-national company will be a plus

其他信息
语言要求：英语

所属部门：GIT&IS