Director Information Security Risk ISG PVH China

Profile

POSITION SUMMARY: 

The primary purpose of this position is to safeguard information system assets by identifying and solving potential and actual security problems in the region.

PRIMARY RESPONSIBILITIES/ACCOUNTABILITIES OF THE JOB: 

• Strategize the integration of China cyber security requirements to improve the security of the environment based on business use cases or changes in threat landscape.
• Strategize initiatives to streamline security operations and adopt new capabilities in the region to ensure regulatory adherence.
• Perform presentations to various regulatory bodies, IT functions and senior IT management teams.
• Promote security awareness to ensure system security and to improve compliance posture and capabilities.
• Direct the overall PVH Security China program, including creation of security patterns, guidelines, and system hardening requirements.
• Collaborate with global teams and communicate country risks to global leadership teams.
• Manage and oversee risks associated with Information Security Policies for China.
• Manage and oversee a China’s security requirements and collaborate with business leaders in the region.
• Lead the Information Security Risk Management function, including project security review, vendors risk review, and security awareness functions.
• Ability to lead teams and cross functional team in a matrix and global setting.
• Collaborate with Compliance and Legal teams for security control requirements and implementation for current (e.g. PIPL and PCI) and new regulations, including onsite assessments and self-assessment questionnaires as required.
• Liaise with key business stakeholders to influence business strategy and initiatives from an overall Information Security perspective.
• Be the primary contact for problem-solving Information Security Risk queries and concerns for China.
• Translate Information Security Risk to business impact statements.
• Lead the implementation of information risk management principles as part of the various front line IT projects, including reviews of all new 3rd parties and vendors
• Lead the security review of vendor contracts for key security clauses and implications.
• Provide advice and guidance on information risk matters involving legal or regulatory matters; escalates to senior leadership.
• Develop guidance and assist in the identification, implementation, and maintenance of organization information privacy policies and procedures in coordination with organization management and legal counsel.
• Work with key business and IT teams to promote security initiatives, best practices, and general security awareness.
• Manage and develop cross functional teams to drive global capabilities that comply with local risk and compliance requirements.
• Development of Cyber Risk metrics and reporting, focused on active Cyber Risks as well as the efforts and results of the team.
• Maintain technical knowledge by attending educational workshops, seminars and reviewing publications.

__________________________________________________________

INTERNAL & EXTERNAL CONTACTS:

          

Internal:    Candidate will interact with various business and I.T. executives and support groups.    

      

External:        This position will be required to interact with external vendors, consultants, lawyers in regard to security issues around products or vendors that PVH has purchased or is considering purchasing to ensure they will meet PVH security requirements.   It will also be expected to maintain contact with special interest groups related to technical issues around Information Security.

_________________________________________________________

SUPERVISORY RESPONSIBILITIES:

Direct:     None.

     

Indirect:    None.

________________________________________________________________

BUDGETARY RESPONSIBILITIES:   

N/A

DECISION MAKING: 

This position requires the candidate to be able to make quality decisions of a risk and technical nature that will affect the security of PVH’s information security posture. Manage, coordinate, and refining the Cyber Risk program. Review of new vendor contracts for security clauses. Provide strategic risk guidance for IT projects and business projects.

RESOURCEFULNESS/CREATIVITY: 

A high degree of resourcefulness and creativity is required in this position to be able to meet the challenge of a constantly changing business needs and threat landscape. Develop new and exciting security awareness training content that is relevant to the business. Create new performance metrics to identify key risk indicators within the security department

ENVIRONMENT:   

In-office attendance and off-hours availability will be required for this position.

________________________________________________________________

QUALIFICATIONS & EXPERIENCE:

Experience:         

• 5-10 years of experience in an information security or risk management role    
• Experience managing and mentoring direct reports and staff
• Experience reviewing contracts for information security requirements and concerns.
• Experience in the security aspects of multiple platforms, operating systems, software, communications, and network protocols

Education:           

• College degree is required
• Post-Graduate or relevant certifications are considered a plus.     

Skills                     

• Strong communication skills
• Strong presentation skills
• Self-Starter
• Professional and cooperative attitude
• Team player, able to work with other members of the IT and business teams.
• Thorough understanding of control and risk management concepts and knowledge of the operational aspects of the information risk business is required.
• Payment Card Industry Data Security Standard and the associated compliance requirements for a Level 1 merchant.
• Prior experience working on Cyberspace Administration of China (CAC) assessments and working with cross-border data transfer projects is desired.
• Ability to be conversant in Shanghainese or Putonghua is preferred.

Other

• Candidate will be required to submit to background check (pre-employment, criminal, credit history and references)
• Candidate will be required to be sensitive to PVH confidential and proprietary information.

,industry:Retail,title:Director, Information Security Risk, ISG, PVH China,datePosted:2022-04-01T00:00:00.000 0000,@context:****Technology,responsibilities:The primary purpose of this position is to safeguard information system assets by identifying and solving potential and actual security problems in the region. Strategize the integration of China cyber security requirements to improve the security of the environment based on business use cases or changes in threat landscape. Strategize initiatives to streamline security operations and adopt new capabilities in the region to ensure regulatory adherence. Perform presentations to various regulatory bodies, IT functions and senior IT management teams. Promote security awareness to ensure system security and to improve compliance posture and capabilities. Direct the overall PVH Security China program, including creation of security patterns, guidelines, and system hardening requirements. Collaborate with global teams and communicate country risks to global leadership teams. Manage and oversee risks associated with Information Security Policies for China. Manage and oversee a China’s security requirements and collaborate with business leaders in the region. Lead the Information Security Risk Management function, including project security review, vendors risk review, and security awareness functions. Collaborate with Compliance and Legal teams for security control requirements and implementation for current (e.g. PIPL and PCI) and new regulations, including onsite assessments and self-assessment questionnaires as required. Liaise with key business stakeholders to influence business strategy and initiatives from an overall Information Security perspective. Be the primary contact for problem-solving Information Security Risk queries and concerns for China. Translate Information Security Risk to business impact statements. Lead the implementation of information risk management principles as part of the various front line IT projects, including reviews of all new 3rd parties and vendors. Lead the security review of vendor contracts for key security clauses and implications. Provide advice and guidance on information risk matters involving legal or regulatory matters; escalates to senior leadership. Develop guidance and assist in the identification, implementation, and maintenance of organization information privacy policies and procedures in coordination with organization management and legal counsel. Work with key business and IT teams to promote security initiatives, best practices, and general security awareness. Manage and develop cross functional teams to drive global capabilities that comply with local risk and compliance requirements. Development of Cyber Risk metrics and reporting, focused on active Cyber Risks as well as the efforts and results of the team. Maintain technical knowledge by attending educational workshops, seminars and reviewing publications. __________________________________________________________. Internal: Candidate will interact with various business and I.T. executives and support groups. External: This position will be required to interact with external vendors, consultants, lawyers in regard to security issues around products or vendors that PVH has purchased or is considering purchasing to ensure they will meet PVH security requirements. ,skills:information security risk management, cross functional, it management, global leadership, information risk, stakeholders, risk management, leaders, educational workshops, information risk management principles, information security, cyber security, system security, information risk management, information security policies, vendors, business strategy, problem-solving, advice and guidance, senior leadership, organization management, Senior Information Security Analyst, Information Security Compliance Analyst, Senior Information Security Engineer, Senior Information Risk Analyst, Business Information Security Risk Officer, Information Security Project Manager, Senior Information Security Specialist, Applications & Information Security Architect, Information Security Manager, Director of Information Security} Director, Information Security Risk, ISG, PVH China in Shanghai, Shanghai, China | Information Technology at PVH

Company info

Sign Up Now - ManagerCrossing.com