-
Boston Consulting Group Xuhui Qu, 中国WHAT YOU'LL DO · Participate as an integral part of the Cyber Security Incident Response TeamSupport cyber incident response actions to ensure proper assessment, containment, mitigation and documentation · Support cyber investigations and contribution to large and small scale co ...
-
Boston Consulting Group Xuhui Qu, 中国WHAT YOU'LL DO · Under the general direction of the Information Security Director – Incident Response or delegate and working with other Risk, IT, BST, etc. colleagues across the firm, the roles will perform the following functions: · Participate as an integral part of the Secur ...
-
Philips Shanghai, 中国 全职Job Title · Regional Security Officer Physical & Personnel Security Gr China & JapanJob Description · Philips is a global leader in health technology, committed to improving billions of lives worldwide and striving to make the world healthier and more sustainable through innovati ...
-
Systems Engineer
6小时前
Palo Alto Networks Shanghai, 中国 全职Company Description · Our Mission · At Palo Alto Networks everything starts and ends with our mission: · Being the cybersecurity partner of choice, protecting our digital way of life. · Our vision is a world where each day is safer and more secure than the one before. We are a ...
-
IQVIA Shanghai, 中国 全职Job Overview · Serves as the Data Protection Officer and Data Security Officer overseeing IQVIA Research and Development Services data processing and protection. · Essential Functions · • Assess and define the organization's current and future information security and personal in ...
-
Astellas Pharma Inc. Shanghai, 中国开发创新疗法是科学领域中最具挑战性、最重要和最有个人价值的领域之一。在我们追求将创新科学转化为患者价值的过程中,成为安斯泰来的一员是一个令人兴奋的时刻我们是一家拥有独特的合作和以患者为中心的文化的公司。现对以下职位进行公开招聘,欢迎符合条件的候选人投递简历。 · Location: Shanghai · Responsibilities: · -China-Specific Security Strategy: Develop and execute a security strategy for China that aligns with the o ...
-
HSBC Shanghai, 中国 Permanent - 全职Digital Business Services (DBS) · HSBC Digital Business Services is a pivotal part of the Group, providing essential operational and technical support to our global businesses and helping improve customer service and efficiency. We combine global expertise and technology to help ...
-
Philips Shanghai, 中国 全职Job Title · Senior Information & Supplier Security OfficerJob Description · Job DescriptionPosition Summary: · This role is all about managing Philips' Security posture in a connected ecosystem of partners, suppliers and potential new acquisitions. It is safeguarding Philips' bus ...
-
Corporate Shanghai, 中国 全职JOB SUMMARY · : The GC security GRC senior manager is a Shanghai-based position that is part of APAC GIS team and focuses on security governance, risk and compliance matters for GC region. This role is as a core member of the GRC team that will mature the Company's cyber regulati ...
-
Corporate Shanghai, 中国 全职JOB SUMMARY · Lead and manage security architecture and engineering team in Great China. Performs certification of Security Control attestations and evaluates the implementation of those controls in order to grant Approval to Operate for a release of new infrastructure, services, ...
-
Stryker Shanghai, 中国 全职Why join Stryker? · We are proud to be named one the World's Best Workplaces and a Best Workplace for Diversity by Fortune Magazine Learn more about our award-winning organization by visiting · Our total rewards package offering includes bonuses, healthcare, insurance benefits, ...
-
thyssenkrupp Presta Shanghai Co Ltd Shanghai, 中国 全职Your responsibilities · Job Description: · Coordinating of all relevant security activities in the region and providing support / consultancy when needed · Frequent adjustment with and regular reporting to all relevant functions / departments / business partners - Organization ...
-
Donaldson Shanghai, 中国 全职Donaldson is committed to solving the world's most complex filtration challenges. Together, we make cool things. As an established technology and innovation leader, we are continuously evolving to meet the filtration needs of our changing world. Join a culture of collaboration an ...
-
McKinsey & Company Shanghai, 中国You'll act as the point of contact in China Cybersecurity team to collaborate with Global Intelligent Threat Management to govern security operation posture of China IT assets.You'll partner with local product and global technology teams to remediate issues been identified and re ...
-
Johnson & Johnson Shanghai, 中国 OTHERMain responsibilities · The Senior Privacy manager of Johnson & Johnson (J&J) in China is responsible for providing practical, timely, strategic, and high-quality counseling on applicable cybersecurity, data security and other related laws, regulations & guidelines with a focus ...
-
Eraneos Shanghai, 中国 全职What you will find with us · We are the cybersecurity spin-off from a globally operating boutique consultancy based in Hamburg. We primarily advise DAX and Fortune 500 companies on cybersecurity with in-depth expertise. We offer prospective employees an international work environ ...
-
Liebherr Group Shanghai, 中国 全职Your responsibilities · Support company security officer to establish Information security and IT compliance framework, procedures, and governance rules within area of responsibility based on functional requirements of the business owners. · Standardization of processes, SOPs & ...
-
Bureau Veritas Group Shanghai, 中国 固定期限合同Job Responsibilities: · Develop and execute information security and cyber security strategies, including the establishment and formulation of new systems. · Conduct security risk assessments and vulnerability analysis for customer, and propose appropriate security solutions. · C ...
-
TecAlliance Shanghai, 中国 全职TecAlliance interconnects entirely global automotive aftermarket data & knowledge from order to invoice. Over 900+ colleagues work relentlessly globally together in 140 countries and counting. We are owned by 34 automotive companies like Bosch, Continental, Rheinmetall, or ZF and ...
-
ZF Group Shanghai, 中国Your tasks · Support the implementation of cyber security processes at CVS with the guide of a Cyber Security coach · Keep CVS up-to-date regarding cyber security trends and emerging technologies · Interacting with customers and suppliers to finalize security concepts · Your pro ...
Senior Manager, Information Security - Shanghai, 中国 - VF Corporation
描述
Let's Talk about the Role
The Cyber Security Senior Manager will support VF's Global Cyber Security Team by ensuring that information security risks associated with complex business operations are within acceptable tolerances.
You will perform information security risk assessments, provide direction and guidance to stakeholders concerning the handling of security risks associated with assessment findings, assist with the design of appropriate risk mitigation strategies, and serve as an audit quality assurance gate for internal and external auditors while driving compliance and audit work related to data privacy.
How You Will Make a Difference
You will achieve this by:
· Conduct the annual MLPS audit for 6 critical applications in VF China;
· Work together with vendor and internal team to review the existing system settings against MLPS standards, take remediation prior to/after onsite audit, make sure VF China pass the audit with increased audit scores.
· Work together with legal/compliance team to follow up on related updates of regulatory requirements regarding CBDT and data privacy, and make sure necessary actions are taken to address the changes
· Support global team to conduct the PCI audit project in APAC region, including store sampling, interview arrangement (translation), supporting preparation, clarification, etc.
· Work together with retail operation team to ensure the remediation actions are taken properly, i.e. updating of SOP, training enhancement, etc.
· Prisma China license purchase
· Follow up on the findings from Cloud Security Assessment project
· Monitor the active tickets on ServiceNow to make sure they are followed up timely by responsible personnel.
· Make sure the PO contact list is up to date.
· If needed, work together with vendors/in-house developers to make sure the remediation is well implemented.
· Conduct the vendor assessment with RSAM and Idea portal
· Besides the RSAM/idea portal review, enforce ""security by design"" by being part of the application development and sprint to ensure that security is in all phases of the application development lifecycle
· Arrange prior go live scanning and ensure all critical/high issues are fixed system launch
· Participate in the various milestones of project implementation to support the remediation of gaps
· Review RPA/AI related features according to VF standards
· Support the usage of MIP in APAC
· Collect the user feedback and support the continuous improvement
· Support the phishing simulation in APAC
· Based on the result of simulation, work together with SETA team to improve the reporting rate
· Support global SETA team on the CSAM related activities.
· Support the roll out of security training in APAC
· Support the completion of security awareness training and make sure the coverage
· Work together with legal team to hold the Data Privacy and InfoSec SteerCo Meeting on a regular base
Skills for Success
A formal education and subsequent University Bachelor or Master's degree in information systems, computer science, or related field are preferred, but we are most interested in your total experience and professional achievements. That's why:
· You rely on 5+ years of information security risk management, IT audit, and/or IT controls design and implementation experience.
· You possess a Certified Information Systems Security Professional (CISSP) certification, Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or similar credentials.
· You are familiar with industry best practices related to security and data privacy in Cloud environments.
· You have functional understanding of industry frameworks, regulations, legislation, and audit methodologies, including SOC 1, SOC 2, ISO 27001, SIG, NIST Cybersecurity Framework, Sarbanes-Oxley (SOX), PCI-DSS, MLPS and various other privacy laws.
· You are apt to broker complex discussions to achieve the proper balance between business needs and cybersecurity best practices.
· You possess the ability to influence others through persuasion to arrive at desired outcomes.
· You communicate effectively with a broad range of people and roles, including vendors, information technology professionals, and other business personnel.
· You desire to seize the initiative, operate proactively, and work in a highly independent manner.
· You are fluent in English and Mandarin, any other Asian languages are a plus.
R
