• This is a governance lead role with global coverage. Both technical and managerial competencies are required to fulfill this role.
• The key focus of this role will be in governance, risk management and compliance
• Oversee ISMS, MLPS 2.0 and SOC2 accreditation and maintenance.
• Develop, improve, and maintain IT security policies, standards, guidelines, processes, baselines, and frameworks.
• Support the information security risk management and monitoring of IT governance alignment.
• Ensure compliance to regulatory and contractual requirements
• Provide policy liaison support, including communication and interpretation of policy requirements, organizational implementation.
• Conduct internal reviews and support external audits, data protection reviews.
• Support countries’ Data Protection and Privacy matters, including LOB DPOs and cooperating with authorities.
• Support security steering committee meetings and management reporting.
• Where required, provide second level global RFP support and customer presentations
• Track and monitor applicable regulatory advisories and circulars
• Provide training and awareness education
• Provide IT security advisory to business unit IT teams globally and internal IT projects
• Perform evaluation of technology and solution vendors for internal IT projects.
• Additional security projects as required by senior management.

Qualifications:
• Bachelor’s degree in Engineering or Computer Science, with at least one industry recognized certification such as CISA, CRISC, CGEIT, CISSP, CIPM etc. or equivalent.
• Master’s degree an advantage.
• Minimum 8 years’ experience, over 5 years in IT security with at least 2 years in a governance related role
• Strong information security knowledge of various jurisdiction regulations such as PDPA, GDPR, China Cybersecurity law, Data Security law, PIPL etc. as well as industry best practices such as ISO27001, NIST, CIS Controls, and CCSK.
• Experience with risk assessments, internal quality control activities, and monitor follow-up actions, including post-security findings and audits.
• Experience handling IT security incidents and conduct investigation and necessary follow-up actions including containment, recovery, and preventive actions
• Experience supporting large commercial organizations with numerous global sites and technology setups would be an advantage.
• Strong analytical skills with excellent communication in English and Chinese
• Experience with staff awareness training of IT security and data protection.
• Able to mentor and provide guidance to direct and indirect team members