A CSPO manages local ICT cyber security and privacy protection business in a unified manner. In addition to business compliance, a CSPO improves internal cyber security and privacy protection capabilities and builds trust in cyber security and privacy protection with external stakeholders to facilitate business success of the rep office/country.
- Insight and business planning: Gain insights into local laws and regulations, understand the security and privacy requirements of local governments, regulators, and customers as well as local industry best practices, and develop local business budgets and plans.
- Policy and process adaptation: Implement security and privacy policies locally, optimize local business directives and relevant processes, provide supervision and guidance, and organize the implementation.
- Compliance and risk control: Use risk control methodologies to identify local security and privacy risks, develop and implement compliance and risk control solutions, establish crisis management plans (CMPs), and properly handle crises.
- Communication and trust building: Proactively identify external stakeholders, work with business departments to establish mechanisms for routine communication with local regulators, customers, industry organizations, and standards organizations, and organize mechanism implementation.
- Organization and capability building: Build local security and privacy organizations, improve local security compliance awareness and professional capabilities, and assess and promote the improvement of capability tools provided by the HQ.
- Bachelor’s degree or above in Cyber Security/ Information Security/ Computer Science or Information Technology related field
- Knowledge: Be familiar with different cyber security or privacy protection standards and certification frameworks in the industry, and be adept at analyzing policies, laws, and regulations. People with external certifications such as CISSP/IAPP are preferred.
- Capabilities: Insight and planning: Gain in-depth insights into and understand local security and privacy laws/regulations as well as local organizations' security and privacy requirements, and integrate them into business plans.
- External communication: Deliver speeches and presentations as a spokes person, and effectively communicate with local security and privacy regulators, industry and standards organizations, and customer organizations.
- Connection and execution: Be result-oriented and capable of cross-department collaboration, coordination, and promotion.
- Learning: Always be ready to learn and be capable of identifying own professional and business capability gaps and quickly bridging them through self-learning, training & practice, etc.
- Business understanding: Have a deep understanding of business requirements, and properly manage security and privacy risks in business to safeguard business success.
- Successful cyber security and privacy protection experience in large enterprises or regulators of the local ICT industry as well as industry influence; or long-term business management experience (solution sales, delivery and service, public relations, compliance management, etc.)
- Appropriate experience in external communication (including communication with the government, media, industry, and customers)
- Successful experience in department management and cross-cultural team management (preferred); influence and impetus in regions/rep offices
WORKING TIME AND BENEFITS:
- Monday to Friday (08:30-18:00).
- Participating in full insurance benefits (health insurance, social insurance, unemployment insurance), the company supports 24/24 accident insurance and health care insurance for employees.
- Professional working environment, multinational company, good career development opportunities. Cultural and sports activities, taking care of employees' health and life are organized periodically...
- Salary: negotiable.