Job Description:

• Oversee Information Security Management by addressing threats and incidents, and driving effective remediation efforts.
• Collaborate with the Legal team to identify and implement compliance actions for information management and protection laws and regulations.
• Monitor, track, and manage internal and external compliance requirements (e.g., PCI, Data Privacy) to ensure adherence to established policies, procedures, standards, baselines, and controls.
• Develop and maintain a comprehensive information management and protection framework to support a robust company-wide governance program.
• Lead information security awareness initiatives and provide training to all employees.
• Offer guidance and support to employees through training programs that foster a culture of security and promote best practices within the organization.
• Manage daily security operations, including conducting vendor and privacy security assessments, enforcing company policies, and communicating updates related to the information security program.
• Support and align with Information Security requirements across various business units.
• Collaborate with local ISO members in different regions as part of a regional ISO team.
• Respond to security incidents involving personal or confidential information, system breaches, local employee data leaks, and physical security breaches.
• Oversee security for warehouse networks, systems, and physical environments.

Requirements:

• 4-5 years’ experience in a cybersecurity role, particularly in incident response and information security government policy.
• A degree in IT, Security, Computer Science, or a related field.
• Solid knowledge and experience in information risk assessment and compliance requirements.
• Familiarity with information security frameworks and applicable laws, regulations, and standards related to security and data privacy.
• Strong understanding of information security governance frameworks such as ISO 27001 and ISO 27701, NIST CSF, etc.
• Preferred experience in conducting risk analysis for cyber threats.
• Relevant technical or security certifications are a plus (e.g., CISA, CISM, CISSP, SANS, GIAC).
• Proficiency with common security platforms, including Microsoft Office 365 and networking solutions.
• Experience in developing and enforcing security policies and procedures.
• Exceptional communication skills to articulate complex security concepts to both technical and non-technical audiences.
• A proactive and adaptable approach, with a commitment to staying informed about emerging threats and technologies.
• Fluency in English and Chinese (Cantonese and Putonghua) is required.

Interested candidate, please share your CV to [via CTgoodjobs Apply Now] or reach out to 3915 0224 for a further discussion.

All applications applied through our system will be delivered directly to the advertiser and privacy of personal data of the applicant will be ensured with security.