Your new company
A Global Leading firm
Your new role
The Director of Information Security will report to the global CISO and serve as the security leader and security point of contact for China. You will work out of our Shanghai office and you’ll be accountable and responsible for providing guidance and making broader security decisions to protect and enable the organisation in China.
What you’ll do
As a leader you will be responsible for risk-based programs and mitigation strategies that protect against reputational and technical risks, meeting and/or reconciling regulatory, Firm and industry best practice requirements.
With a high level of business acumen, you will demonstrate the ability to work effectively within an environment that often needs to balance opposing requirements and ambiguity.
You’ll be tasked with creating and driving the China Information Security strategy that respects the unique requirements of the region whilst meeting the broader firm Information Security strategy.
You will establish and execute the strategic and comprehensive information security program and plans that are required for China and ensure that these programs are commensurate with the risk requirements while meeting the broader firm risk requirements, information security strategy and goals.
You’ll develop and maintain any required information security policies, standards and guidelines for China and oversee their dissemination. While managing a group of local security experts you’ll provide leadership and guidance on information security topics, and advise and collaborate on security processes.
As part of this leadership opportunity, you’ll provide regular reporting on the current state of information security programs to the CISO and other senior managers as appropriate, including establishing metrics and a reporting framework to measure the efficiency, effectiveness, and maturity level of the program.
This will include liaising with relevant business units and stakeholders needed to ensure that the Firm maintains a strong security posture.
What you'll need to succeed
- BSc/MSc in Information Security, Computer Science or other technical discipline.
- Deep knowledge of the information security landscape in the Asia Pacific region
- Extensive experience in China, especially of the regulatory landscape
- Experience engaging directly with senior stakeholders.
- 5+ years of Senior Security experience and direct experience leading a team of security professionals
- Understanding of a range of enterprise IT and cloud-based architectures and technologies, such as networking, server infrastructure, operating systems, web applications, databases, containerization and mobile, within the Asia Pacific region.
- Working knowledge of common information security controls, guidelines and standards, such as ISO27001, OWASP, SOC 2, NIST.
- Excellent interpersonal skills including persuasiveness and/or assertiveness skills.
- Strong written and verbal communication with the ability to converse effectively at all levels of seniority, both internally and externally.
- Experience of conducting risk assessments, threat modelling, information security reviews and audits.
- Experience with security technologies and tooling, e.g. vulnerability scanners, firewalls, network monitors, IAM, SIEM, IDS/IPS.
- Knowledge of Privacy and Data Protection regulations, e.g. GDPR, CCPA, HIPAA.
- CISSP, CISA, CIPP or other security/privacy related certifications
What you need to do now
If you’re interested in the role, please contact our consultant Shawn Cong for more details, sending your CV to Shawn.Cong@hays.cn, or call 021 2322 9757 for an immediate response. #1227194