World famous Healthcare Company
The Information Security Director will be a critical role ensuring compliance in the changing legal landscape re: Cybersecurity and Data Protection, protecting our license to operate for China.
As the Security Leader for all China organizations, the Information Security Director will partner with local business leaders, regulators/government officials and other stakeholders, closely collaborating with all IT and functional business teams, to improve and maintain the information security posture of China. The Director will also ensure that all work products are on-time and high-quality to comply with the Global CISO's Information Security program and local cybersecurity and data protection laws.
The Director will oversee the compliance, governance and risk management for the internal IT area/infrastructure and related information assets (process, systems and data) and also for the external partner/customer/general public facing digital products & solutions.
Reporting into the global CISO organization, the Information Security Director will create and later lead a fit-for-purpose local team to operate in China.
Key Responsibilities Include:
• Ensure compliance with Classified Protection of Cybersecurity (CPCS), Cyber Security Law (CSL) and other related laws and regulations in China.
• Respond and work directly with Chinese authorities as a liaison to government audit / inspection or other requests
• Proactively identify new and modified China Cybersecurity data compliance requirements covering data protection to include personal information and important data protection (as defined by the government), and facilitate development of pragmatic solutions
• Establish and maintain compliance with Classified Protection of Cybersecurity (CPCS) standards to ensure protection of important data, as applicable (e.g., maintain the related logs, enforce data classification, ensure backup and encryption)
• Serve as an internal expert on China IT Security and Compliance policies, and guide the local business from a local law & regulations perspective. Understand, discuss, and advise on strategic priorities, concerns and key IT risks
• Partner with all IT and business functional team(s) and act in a consultative way to help improve the security posture and adherence to security policies and expected controls
Awareness and Communications
• Work proactively with relevant business leadership members and the IT and/or security board to ensure security, IT risk and compliance are actively built into the organization's objectives and procedures
• Manage, guide, and supervise security protection efforts for critical information infrastructure operations
Metrics and Reporting
• Provide regular, timely reporting on the information security status, and provide regular metrics and reporting to the leadership team with a focus on continuous improvement.
• Conduct proactive audits on SOPs/IOPs and execution to reduce the security risk.
Job Requirements Include:
• Bachelor’s degree or higher in Information Technology, Computer Science, Engineering, Business or equivalent is required.
• Proficiency in both spoken and written English and Chinese
• 8+ years of related work experience in Information Security, Privacy, Risk Management & Audit
• Strong understanding of applicable and accepted security and audit frameworks (such as COBIT and ISO), laws and regulations (China Cybersecurity Law, GDPR) & IT general controls
• Strong working knowledge in Pharma, Diagnostics, Research and Development, and Manufacturing or related experience
• Solid understanding of Data management, governance and the protection of key business information assets.