薪资: salary negotiable
行业: 制药/医疗
子行业: 医疗器械
职能: Security Management

公司概况

World famous Healthcare Company

职位描述

The Information Security Director will be a critical role ensuring compliance in the changing legal landscape re: Cybersecurity and Data Protection, protecting our license to operate for China.
As the Security Leader for all China organizations, the Information Security Director will partner with local business leaders, regulators/government officials and other stakeholders, closely collaborating with all IT and functional business teams, to improve and maintain the information security posture of China. The Director will also ensure that all work products are on-time and high-quality to comply with the Global CISO's Information Security program and local cybersecurity and data protection laws.
The Director will oversee the compliance, governance and risk management for the internal IT area/infrastructure and related information assets (process, systems and data) and also the external partner/customer/general public facing digital products & solutions
Reporting into the global CISO organization, the Information Security Director will create and later lead a fit-for-purpose local team to operate in China.

Key Responsibilities Include:

Compliance
• Ensure compliance with Classified Protection of Cybersecurity (CPCS), Cyber Security Law (CSL) and other related laws and regulations in China.
• Respond and work directly with Chinese authorities as a liaison to government audit / inspection or other requests
• Proactively identify new and modified China Cybersecurity data compliance requirements covering data protection to include personal information and important data protection (as defined by the government), and facilitate development of pragmatic solutions

Program Governance

• Establish and maintain compliance with Classified Protection of Cybersecurity (CPCS) standards to ensure protection of important data, as applicable (e.g., maintain the related logs, enforce data classification, ensure backup and encryption)
• Serves as an internal expert on China IT Security and Compliance policies, guides local business with local law & regulations perspective. Understand, discuss, and advise on strategic priorities, concerns and key IT risks
• Partner with all IT and business functional team(s) and act in a consultative way to help improve the security posture and adherence to security policies and expected controls
Awareness and Communications

• Work proactively with relevant business leadership members, IT and or security board to ensure security, IT risk and compliance is actively built into the organization objectives and procedures
• Manage, guide, and supervise security protection efforts for critical information infrastructure operations

Metrics and Reporting
• Provide regular, timely reporting on the information security status, and provide regular metrics and reporting to the leadership team with a focus on continuous improvement.
• Conduct proactive audit on SOPs/IOPs and execution to reduce the security risk. Job Requirements Include

Education& Qualifications:
• Bachelor’s degree or higher in Information Technology, Computer Science, Engineering, Business or equivalent is required.
• Proficiency in both spoken and written English and Chinese
• 8+ years of related work experience in Information Security, Privacy, Risk Management & Audit
• Strong understanding of applicable and accepted security and audit frameworks (such as COBIT and ISO), laws and regulations (China Cybersecurity Law, GDPR) & IT general controls
• Strong working knowledge in Pharma, Diagnostics, Research and Development, and Manufacturing or related experience
• Solid understanding of Data management, governance and the protection of key business information assets.

职位编号: 12058

需要帮助?

请随时联系我们

Job application

你正在申请以下职位: Information Security Director 当你提交申请后,我们将向招聘方展示你的简历,但不能承诺应聘成功。

本地上传

申请完成!
感谢你提交申请,我们会尽快与你联系!.