Shanghai, China
Information Security Manager
Job Description (Not for posting)
- Be the organization’s representative for China Cybersecurity matters
- Lead the ooverall Information Security posture assessment, Control dashboard, Maturity and Capability Level.
- Support the Risk Management and Legal & Compliance department on China Cybersecurity Law, GDPR, Data security, PCI-DSS, etc.
- Review/maintain the IT Security policies, standard, Guidelines and procedures.
- Manage and maintain the Risk Register and Risk Assessment, Identify and assess risks and work with internal and external stakeholders to develop mitigation plan.
- Support the Senior Management in discussion with authorities when necessary.
- Work with IT and Business to ensure the security and privacy assessment are performed throughout the project lifecycle.
- Interface with company internal or external auditors
- Lead the awareness program for DFS employees.
- Other duties as assigned.
Job Description
Purpose and Objective of Position
DFS is embarking on transforming its retail stores into smart stores that leverage technology to improve customers experience, drive sales and conversion.
The ideal candidate that DFS is looking for, would be fresh, energetic, technology savvy with a “can do” spirit and work on a wide range of IT Security project. Project could be office, store or data center, covering all DFS location across the world. Quick learner of various store business functions and operations, great interpersonal relationship skills with the business users and management, understand what works and what doesn’t, work with global IT team(s) to recommend appropriate alternatives or solutions.
Essential Job Duties and Responsibilities
- Be the organization’s representative for China Cybersecurity matters
- Lead the ooverall Information Security posture assessment, Control dashboard, Maturity and Capability Level.
- Support the Risk Management and Legal & Compliance department on China Cybersecurity Law, GDPR, Data security, PCI-DSS, etc.
- Review/maintain the IT Security policies, standard, Guidelines and procedures.
- Manage and maintain the Risk Register and Risk Assessment, Identify and assess risks and work with internal and external stakeholders to develop mitigation plan.
- Support the Senior Management in discussion with authorities when necessary.
- Work with IT and Business to ensure the security and privacy assessment are performed throughout the project lifecycle.
- Interface with company internal or external auditors
- Lead the awareness program for DFS employees.
- Other duties as assigned.
Key Requirements
Knowledge, Skills and Abilities Required
- Educational Requirements: Degree in Computer Science, Computer engineering or any related fields or related work experiences in Cybersecurity.
- Work Experience: Minimum 8 years
- Licenses/Certifications required: CISSP, CISM, CISA, CDPSE, CIPP CIPM, or other security/privacy certifications
- Critical knowledge & skills including tools, software applications, language, etc.
- Demonstrates thorough abilities and/or a proven record of success in the following areas:
- Experience with Security, Data Protection, Risk Management and Response.
- Comfortable talking with people from different departments both Business and technical IT.
- Hands-on experience on data privacy laws such as GDPR, China Cybersecurity law, PIPL.
- Solid understanding of PCI DSS, ISO27001/ISO270002, NIST, COBIT or other IT governance best practices.
- Strong English and Chinese languages are required – written and verbal
Other Qualifications / Core Competencies
- An outcome-focused mindset who can translate the business requirements into deliverable actions.
- Team player and able to collaborate across diverse stakeholders to achieve security objectives.
- An ability to learn quickly and successfully adapt to rapidly changing technology.
- Knowledge of current IT industry trends and solutions
- Self-motivated, with ability to work independently.
- Good judgement
Working Conditions / Environment
- This role is based in Shenzhen or Shanghai , but occasional travel may be required.