Lead, TPRM Risk and Compliance (Able to Communicate with China)
Salary undisclosed
- Strong global presence
- Good career advancement
Global Technology Center as a start-up with the backing of the world's top luxury beauty company.
Job Description
- Partner with TPRM program key stakeholders to ensure the appropriate due diligence is conducted based on global and regional compliance requirements.
- Ability to understand details of vendor's cybersecurity program and identify where gaps exist with internal company policy requirements.
- Cybersecurity technical expertise to review vendor attestations (e.g., SOC1/SOC2, Vulnerability Scan, Penetration Testing, PCI DSS, ISO 27001, etc.) and identify potential gaps or control weaknesses.
- Familiarity with China Privacy Laws and Cybersecurity regulations such as Personal Information Protection Law (PIPL), Data Security Law (DSL), Multi-Level Protection Scheme (MLPS) 2.0, and Cybersecurity Law of China (CSL).
- Familiarity with frameworks such as NIST CSF, OWASP Top 10, ISO, ITIL and CMMI.
- Familiarity with SaaS and COTS based applications and the unique risks associated with each use case.
- Awareness of emerging cybersecurity threats, including zero-day vulnerabilities, supply chain and IoT-related risks.
- Ability to clearly articulate the potential implications of cybersecurity risks to less technical users.
- Update IT policies, standards, and Standard Operating Procedures.
- Ability to triage use cases and prioritize due diligence activities based on the vendor's inherent risk profile.
- Ability to effectively communicate (verbal and written) technical subject matter clearly and succinctly in both Chinese and English.
- Produce risk assessment reports and effectively communicate and collaborate with vendors to implement remediation responses.
- Effectively collaborate with cross-functional, interdisciplinary teams such as Procurement, Supply Chain, R&D, Legal and Privacy to define and require contractual security provisions that remediate risks identified in vendor assessments, specific use cases and third-party engagements.
- Experience with industry-recognized cybersecurity and Governance, Risk and Compliance (GRC) systems and applications such as ProcessUnity, CyberGRX, BitSight and Recorded Future, along with familiarity with the Shared Assessments methodology.
- Able to develop effective, collaborative relationships with all levels of internal and external stakeholders.
- Embraces and Initiates Change: Distinguishes what to preserve and what to change. Has the courage to initiate and lead the changes that drive success.
- Builds Collaborative Relationships: Builds relationships based on trust and respect. Promotes the inclusion of diverse knowledge, skills, and experiences to achieve results.
- Demonstrates Learning Agility: Ability to anticipate change, face reality, draw conclusions, and swiftly mobilize to adapt to changing needs and demands.
- Strives for Excellence in Execution: Proactively seeks ways to improve personal and organizational effectiveness to meet current and future business needs. Learns equally from successes and failures.
- WE DO NOT CARE about your racial or religious background; as long as you can speak, read and write Mandarin and communicate with China stakeholders, WE WANT YOU!
- Hybrid working environment
Quote job ref: JN-092024-6528186