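Developing innovative therapies is one of the most challenging, important, and personally rewarding areas in science. As we pursue turning innovative science into value for patients, this is an exciting time to be part of Astellas! We are a company with a unique culture of collaboration and patient focus. We are now openly recruiting for the following position and welcome qualified candidates to submit their résumés.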

Location: Shanghai

Responsibilities:

-  China-Specific Security Strategy: Develop and execute a security strategy for China that aligns with the organization's global security objectives while addressing region-specific risks, compliance requirements, and emerging cybersecurity threats.

 

-  Cybersecurity Compliance: Ensure compliance with China's cybersecurity laws and regulations, including but not limited to China Cybersecurity Law (CSL), Data Security Law (DSL), Cross Border Data Transfer (CBDT), Classified Protection of Cybersecurity (“CPCS”), National Cybersecurity Standards, Personal Information Protection Law (PIPL), and any other relevant mandates governing the secure handling, storage, and transmission of data and information within China. This includes compliance in areas beyond governance and risk.

 

-  Risk Management/Risk Framework: Establish and lead a comprehensive risk management framework specific to China, identifying, assessing, and mitigating security risks within the Chinese operations.

 

-  Information Security Officer (China): Act as the Information Security Officer for China, serving as the primary liaison between local functions, audit, internal audit, regulators, and other relevant stakeholders within the Chinese context. Support the E&C Data Privacy Lead in China in conducting the security sections of Data Protection Impact Assessments and/or Cross Border Transfer Assessments and other privacy-related requirements.

 

-  Interface for Audit, Internal Audit, Regulators, etc. (China): Act as the main point of contact for audit activities, internal audit assessments, and regulatory engagements in China. Provide accurate and timely information related to security assurance, risk management, and security improvements specific to the Chinese market.

 

-  Incident Response and Reporting: Develop and oversee incident response plans and processes specific to China, ensuring that any security incidents or breaches are reported to local authorities in compliance with Chinese regulations.

 

-  Internal Control Testing: Independently carry out internal control tests of ITGC (Information Technology General Controls) related information systems, identifying potential problems and risks, and providing optimization suggestions.

 

-  Security Assessments: Complete various types of cybersecurity assessments, including internal and external assessments.

 

-  Secure Asset Management (China): Develop and implement strategies for the secure management of Astellas' assets in China, including data, information, and infrastructure. Ensure the resilience and availability of critical assets within the region.

 

-  Security Contractual Language (China): Develop, oversee, and implement security contractual language in agreements with external vendors and partners in China. This includes not only compliance aspects but also security enhancements specific to the region with the local legal framework.

 

Qualifications:

• Bachelor's degree and at least 8 years of experience in information security, risk management, or a related field, with a minimum of 5 years in a leadership or managerial role.

• Deep knowledge of China's cybersecurity laws, regulations, and industry-specific compliance requirements and first-hand experience complying with CSL, DSL, PIPL, CBDT, and CPCS.

• Experience navigating organizations through the approval and audit processes necessary for compliance activities (e.g., products obtaining CPCS, organizational approval of CBDT submission).

• Proven experience in implementing and managing security assurance and risk management programs within the Chinese market.

• Strong understanding of cybersecurity risk assessment methodologies and industry best practices applicable to China.

• Excellent knowledge of cybersecurity frameworks, such as NIST CSF, ISO 27001, or similar, within a Chinese context.

• Demonstrated ability to effectively interface with internal and external stakeholders, including auditors and regulators, in China.

• Experience in managing security-related vendor contracts and agreements within China.

• Strong leadership and team management skills, with a focus on talent development and performance management.

• Excellent communication and presentation skills, both written and verbal.

• Proficiency in spoken and written Chinese (Mandarin) to effectively communicate and navigate the local regulatory landscape.

• Preferred: Advanced degree (Master's; Ph.D.) in Information Security, Computer Science, or a related field.

• Relevant certifications such as CISSP, CISP, CISA, CISM, or similar.

 

How to apply:

Résumé submission email: [email protected] (email subject: Position applied for-Name-Region)