Shanghai
Information- & IT-Security Officer
As a successful family-owned company on a path to global growth, the Brose Group offers challenging responsibilities and exciting career opportunities to performance-driven, skilled specialists with solid professional knowledge and proven career expertise who wish to contribute to our company’s success.Your tasks
- The role acts as the regional interface for customer and legal audits in relation to the company’s Information- & IT-Security policies and any standards used in the company, such as ISO27001, TISAX.
- The role tracks the growing requirements of China cybersecurity, and works with the Group Information- & IT-Security team to implement a series of policies and technical controls to comply with China law regulations and customer-specific requirements.
- The role collaborates with local Information security officers & local data protection coordinators to implement controls that meet agreed policies and standards for information security within the region, and establishes cross-functional information security cooperation to extend the governance.
- The role provides security consulting suggestions to meet country-specific issues, participates in the Security Architecture process, and ensures that security controls are embedded into the evaluation, selection, configuration, and operation of the entire solution.
- The role ensures day-to-day delivery of IT security operations on IT infrastructure, datacenter, and applications over the region, conducts or supports penetration tests, vulnerability assessments, or application security assessments to the local environment, and contributes to various security programs like security incident/events, security awareness, approval process, etc.
- The role acts as the regional point of contact for Information- & IT-Security, ensures regional communications and rollout of training on global/local policies, standards, procedures, certification, provides Information- & IT-Security consulting also to Brose JV companies over the region, and supports the global team for the implementation of Information- & IT-Security projects.
- The role leads and collaborates with corresponding local, regional and global departments to build up the policies, procedures, and process related to data protection, and implementing the assessment related to Privacy Impact Analysis and Cross-border data transfer for existing and future scenarios and application systems.
- The role also includes the development of a training concept about data protection topic on handling personal information, the implementation of training module and requirements, and providing technical steering for any matters with regard to data protection requirements.
- The role encompasses project management of data compliance initiatives in a complex scope with different business departments, providing advice upon request in relation to data protection assessment, consultation and monitoring relevant execution, and monitoring the company’s personal information protection policies while periodically conducting review activities.
- The role involves cooperating with regulatory authority regarding data protection to comply with authority’s requirements, monitoring the government authority’s new laws and regulations and applying it to take account into the company’s compliance level, planning in the development of data protection audits in China, and providing reports to CN management.
Your Profile
- Good and broad general IT knowledge.
- Good knowledge and experience on IT & Information security management (relevant topics like SIEM, SOC, ISMS, etc.)
- Good knowledge and experience on personal information protection management (relevant laws like GDPR, PIPL)
- Certifications in area of information security as CISSO, CISM, etc. are an advantage.
- Experience in coordinating between cross-functional teams
Chenli Han
(+86) 2139574382