Responsibilities:
Lead the development, implementation, and continuous improvement of the enterprise policies, standards and framework for governance, risk & compliance.
Drive and oversee IT & Information Security compliance programs under Technology and Information Security Oversight function, ensuring alignment with regulatory requirements and industry best practices.
Manage relationships with key stakeholders and external auditors, ensuring timely and accurate documentation, scoping, testing and remediation of technology and security controls.
Work with different stakeholders and external auditors to obtain and fulfill evidence requests as per the timelines committed.
Validate the key controls with the stakeholders on a periodic basis to provide an early warning to management for timely correction and remediation action.
Assess audit findings / gaps including control weaknesses in coordination with different stakeholders and assist with development of management action plans.
Provide control consulting services to control owners and assist in redesigning the efforts that improve/automate the control environment.
Partner with internal colleagues to understand expectations for managing cross-functional risks and dependencies; deploy processes to comply with policy expectations which may require implementation of required controls and on-going monitoring & reporting.
Oversee the management and reporting of tech risk management, compliance documentation and the governance of overall governance of IT and security.
Work with different teams to organize and manage security related inspections.
Work with different teams to lead a virtual data cross border working group and respond data cross-border request from business areas.
Qualifications:
Bachelor’s degree in computer science, Engineering, or Information Management Systems.
5+ years of experience in IT/Technology/Information Security Internal Audit or consultancy.
Deep expertise of international standards and Chinese regulations (e.g., CSL, DSL, MLPS, CBDT, UPI-DSS etc.), with the ability to evaluate, design and recommend best approach to mitigating risk effectively.
Proven ability to engage and influence stakeholders at all levels of the organization to organize, drive and communicate results.
Experience operating in a fast-paced environment, managing multiple complex projects simultaneously, with a strong sense of urgency and ownership to drive issues to completion.
Possess good oral and written communication skills and the ability to work with other departments and varying levels of management.
Self-motivated and results-driven, with the ability to work independently, consistently delivering high-quality outcomes.
Bachelor’s degree in computer science, Engineering