Information Security Governance, Risk and Compliance Analyst, China

Flight Centre Travel Group
Shanghai, China
Industry : Travel Agent or Tour Operator
Sector : Travel Agent (Retail/Leisure)
Function : Information & Technology
Type : Full time

Job Description

The GRC Security Analyst China will plan and implement policies, procedures, standards, and controls to govern the protection of the company's information systems, networks, and data. The GRC Security Analyst will stay up to date on the latest cybersecurity intelligence in order to modify the standards and controls that govern cybersecurity across the corporation, and will oversee effective system-wide security analysis, intrusion detection, standards and testing, risk assessment, awareness, and the development of policies, standards, and guidelines.
The GRC Security Analyst will be responsible for updating and managing the security policy framework and relevant standards, and for overseeing applicable security, privacy, contractual and compliance requirements (e.g., ISO 27001, China CSL/MLPS 2.0, ISMS, Payment Act, PCI DSS, PIPL, AML/KYC) through strategy development, controls definition and assessment, and process oversight.
The purpose of this position is to provide highly skilled technical and information security expertise for the development and implementation of the information security risk management program, as well as to handle compliance and security requests coming from the business and from customers (e.g., RFPs, incidents, communications).
The GRC Security Analyst updates and maintains control matrices and spreadsheets and provides recommendations for management's consideration. The incumbent works with internal, regional and global teams and with external providers to provide supporting documentation as applicable.
Key Responsibilities
Establish policies, processes, and procedures in line with local and international regulations
Implements security controls, a risk assessment framework, and a program that align with regulatory requirements, ensuring documented and sustainable compliance that supports and advances the Company's business objectives.
Implements processes, such as GRC (governance, risk and compliance) tooling, to automate and continuously monitor information security controls, exceptions, risks, and testing. Develops reporting metrics, dashboards, and evidence artifacts to bring visibility and transparency.
Updates security controls and provides support to all stakeholders on security controls covering internal assessments, regulations, protection of privacy data, and the Payment Card Industry Data Security Standard (PCI DSS).
Verifies the security compliance posture against the applicable regulations and standards and derives a security implementation plan for remediation.
Liaises with all departments to identify, track, and provide remediation guidance for new projects, services and/or third-party contracts in terms of information security assurance.
Oversees third-party assessment standards and privileged user monitoring as a check on critical system access.
Establishes and oversees formal vulnerability management, penetration testing and security posture assessment programs.
Oversees and improves execution of the Disaster Recovery Plan, the BCP, and the backup/restore policy (metrics, dashboard) in collaboration with the ISS and IT Ops teams.
Trains, guides, and acts as a resource on security assessment functions to other departments within the Company
Key Competencies and Skills
Minimum 5 years of working experience in IT/IS/Audit/Business/Technology
5 years of experience in security governance, risk, and compliance management
Experience in large scale audit or governance projects
Strong business-level Chinese and business-level English communication skills (both written and verbal) are mandatory.
Strong knowledge of current and emerging cyber security risks, and innovative risk management methods and solutions
Ability to collaboratively develop a risk strategy in conjunction with stakeholders
Strong analytical thinking, written, and oral communication and presentation skills
Broad understanding of security and privacy concepts
Ability to adapt and embrace change in a fast-paced, changing environment
Ability to effectively communicate and relate to all levels of the organization
Able to understand contracts and technical documentation and to assess them for consistency and alignment with the processes and controls outlined in requirements and audit materials
Industry recognized certification in security (e.g., CISSP, CISA, CISM, CEH, etc.) is preferred

