> Acts as central PCIS CISO key contact for central security policy deployment
> Coordinates all actions related to China Cybersecurity Law compliance; works closely with IS and IT teams to implement all changes aimed at securing the LVMH P&C China information system. Acts as a Data Protection Officer with Chinese authorities (Public Security Bureau).
> Collects business issues, identifies security requirements (arising from risk assessment and legal, regulatory, and contractual requirements) and specifies a security strategy that reflects business objectives. Defines some custom policies and procedures in addition to and in accordance with the Group security policy and procedures;
> Ensures that security risks are appropriately addressed. Performs global and on-demand risk assessment (analysis and evaluation) for each new project (application or system implementation) or major upgrade. Selects appropriate controls and proposes risk treatment plans.
> Defines, proposes and coordinates annual security action plans including organizational, contractual and insurance-related measures and measures related to applications, infrastructure and IT services.
> Specifies security requirements. Studies security solutions and makes recommendations. Prevents obsolescence of security solutions and services. Gives advice on security to Business, Risk & Assurance, Legal, HR, Safety, IS&T and Digital Departments.
> Specifies requirements for business continuity and disaster recovery plans.
> Participates in the selection of solutions and the negotiation process with third parties. Contributes to security clauses in agreements.
> Manages the requests for exceptions.
> Coordinates the security incident management process, including cyber crisis, with a periodic review of the significant security incidents; contributes to a decision-making crisis unit. Notifies the key stakeholders (China CFO, China COO, Brand General Managers, PCIS CISO, Regional CTO, etc.) about critical incidents. If relevant, contributes to work with relevant authorities (ministries, police, justice).
> Specifies and coordinates technical and organizational security audits and reviews for internal and outsourced systems and applications, in order to check internal and legal compliance, and measure efficiency of the implementation of the policy;
> Provides maturity assessments and dashboards;
> Improves security awareness and manages communication plan to promote security;
> Is engaged in technology watch; has contacts with special interest groups and professional associations.
> Key technical skills include:
- The ability to quantify the risks of different IT architectures, and then communicate to other executives how to manage that risk.
- The ability to work with data scientists to detect and respond to threats.
- The ability to oversee pen testing to find vulnerabilities in all elements of a security system.
- Disaster recovery, including detecting an intrusion, isolating it and neutralizing it before it can cause further damage.
- Data and information management, including classification, retention and destruction. It also means keeping corporate and personal data both private and secure while needed, and destroying it when it is no longer needed.
- Digital forensics, which means finding out what allowed an intrusion to occur so it can be prevented in the future.
- Security information and event management (SIEM) expertise.
- Knowledge of all applicable laws and compliance frameworks to enforce compliance.
> General skills include:
- Communication and presentation, to be both the subject matter expert and advocate for risk management in the executive suite.
- Policy development and administration.
- Planning and strategic management.
- Leadership, collaboration and conflict resolution.
> Bachelor's degree or above in IT/IS
> 7 years' experience in an international company
> Fluent English and Mandarin