Director, Information Security Governance

  • Competitive
  • Beijing, Beijing Shi, China
  • Not specified
  • S&P Global
  • 22 May 19


Job Description:
The Role: Director, Information Security

The Location: Beijing

The Team: As a Director, Information Security, you will be part of the Global Technology, Cyber Security team that develops and oversees the company's security program, ensuring the company is protected from existing and emerging threats.

The Impact: As the Director, Information Security, you will be part of the Global Technology, Cyber Security team that develops and oversees the company's security program, ensuring the company is protected from existing and emerging threats. Working with the various teams, the China Analyst will ensure that appropriate procedures are followed to detect and respond decisively to security incidents, coordinating incident response-related activities within China and providing support globally.

Responsibilities:

  • Responsible for overall information security governance and data privacy management for S&P China Legal Entities.
  • Supervise & oversee the Information Security staff (~8 resources) working in the Beijing and Singapore offices.
  • Develop, update, and maintain information security policies, standards and procedures to conform to internal best practice and local cyber security laws / regulations.
  • Coordinate with internal stakeholders at all levels as well as with external vendors for daily cybersecurity operations.
  • Liaise with Company internal audit, governance bodies and in-country regulators as needed.
  • Represent S&P Global as Information Security & Data Privacy subject matter expert.
  • Assist as needed with client-requests requiring S&P Global to respond to its clients on matters related to information security.
  • Perform Information Security risk assessments for high-risk vendor engagements and controls assessments for applications/ platforms.
  • Review and assess S&P Global applications' controls / standards conformance to internal standards, policies, and guidelines to evaluate the effectiveness of controls; develop follow-up action plans for identified gaps; provide the necessary follow-up to closure.
  • Provide associated analysis, reporting and metrics for assessments.
  • Perform control risk assessments for environments, including cloud-based applications and public cloud infrastructure.
  • Assist with enhancement of assessment questionnaire(s), assessment process documentation and templates.
  • Implement current Information Security vendor risk framework and processes at S&P Global Beijing Office.
  • Collect, review and evaluate assessment questionnaire responses and supporting documentation to evaluate the effectiveness of vendors' IT security controls and develop follow-up action plans for gaps identified; provide the necessary follow-up to closure.
  • Perform continuous risk monitoring of high-risk vendors.
  • Develop, update, maintain and enforce data privacy related policies, standards and procedures to meet management and regulatory requirements.
  • Coordinate with relevant teams to perform data protection impact assessments within organization.
  • Develop, update, maintain and enforce cross-border data transfer related policies and procedures to meet management and regulatory requirements.
  • Coordinate with relevant teams to conduct cross-border data transfer security assessment within organization.
  • Exercise data privacy related compliance risk analysis to support business decision making and business operation.
  • Act as an immediate escalation point - as necessary - during non-business hours US - EST; take decisive actions on behalf of the Chief Information Security Officer and Information Security leadership during non-business hours (US EST).

What We're Looking For:
Required Skills:
  • Education: Bachelor's degree in Computer Science, Engineering or Information Security preferred; Master's degree preferred.
  • Experience: 10 years of related experience with a Bachelor's degree, or 6 years of related experience with a Master's degree preferred, including managerial experience.
  • Experience with Information Security and/or Technology Risk Management, servicing US-based financial services clients is a plus.
  • Exposure to cloud security is required; familiarity with public cloud technologies such as Amazon Web Services (AWS) or Alibaba is essential.
  • Ability to assess Information Security controls for on-premise and cloud-based applications / infrastructure.
  • Thorough understanding of cyber security frameworks and data privacy protection frameworks such as NIST CSF, ISO-27001 and / or NIST 800-53 Rev 4, ISO-29100, ISO-29151, ISO-29134, or equivalent.
  • Fluency (written, spoken and read) in Mandarin Chinese and English; the ability to understand and translate technical documentation from Mandarin Chinese to English, and vice versa, is required.
  • Familiarity with Chinese cyber security laws, GDPR, and applicable regulations/mandates is required
  • Strong communication skills are necessary. The resource should be able to communicate effectively with cross-functional teams and vendors; both written and oral communication are critical.
  • Any prior exposure to vendor or client risk management is a plus
  • Certifications: Information Security, risk management and data privacy related certification (e.g., SANS/GIAC, ISACA CRISC, ISC2 CISSP, ISACA CISA, CIPM, CIPP/A, CIPP/E, IAPP) is desirable but not a must.
  • Project management skills are nice to have as the activities involve coordination with internal stakeholders and the vendors
  • Ability to work flexible hours (US EST-centric) is necessary.

S&P Global Corporate
At S&P Global, we don't give you intelligence; we give you essential intelligence. The essential intelligence you need to make decisions with conviction. We're the world's foremost provider of credit ratings, benchmarks and analytics in the global capital and commodity markets. Our divisions include S&P Global Ratings, S&P Global Market Intelligence, S&P Dow Jones Indices and S&P Global Platts.

S&P Global is an equal opportunity employer committed to making all employment decisions without regard to race/ethnicity, gender, pregnancy, gender identity or expression, color, creed, religion, national origin, age, disability, marital status (including domestic partnerships and civil unions), sexual orientation, military veteran status, unemployment status, or other legally protected categories, subject to applicable law.