Senior Manager, Cyber Security (China)
Shanghai , Mainland China
Date published: 26-May-2020
Share with: Facebook
Send to a friend
At CBRE, you are empowered to take your career path into your own hands. Our people enjoy workplace flexibility in a global organization with tremendous scale providing corporate real estate and property services. Each day you will work in an inclusive and collaborative environment with supportive teammates and be challenged to grow and be your best every day.
We have an exciting opportunity for a Senior Manager, Cyber Security (China). This person will serve as the security leader for China and the primary interface to local regulators and customers in regard to all matters relating to cyber security and data protection.
ESSENTIAL DUTIES AND RESPONSIBILITIES
- Oversee CBRE's cybersecurity management and regulatory compliance in China.
- Assuring and implementing CBRE’s personal information security in China.
- Lead the cybersecurity review on local applications based on CSL (China Cyber Laws) and related requirements, including MLPS [Multi-Level Protection Scheme]. Accountable for MLPS assessment and certification.
- Work with internal development team to address risks throughout the SDLC (Software Development Lifecycle) process and confirm that the level of risk is acceptable in accordance with CBRE security policies and CSL.
- Lead security discussions in regard to cross-border data transfer management, from identification, registration, self-assessment and authority reporting.
- Drafting, publishing, updating and implementing privacy policies, cybersecurity policies, and other relevant regulations.
- Establishing, maintaining, regularly updating the list of personal information retained by CBRE (including the type, quantity, source, recipient of the relevant personal information).
- Conducting security and privacy impact assessments.
- Providing training on personal information security, cybersecurity and data security.
- Conducting security audits.
- Handling user complaints, queries and requests to exercise their rights.
- Implementing the Multi-Level Protection Scheme of CBRE’s system and conducting regular reviews and checks.
- Monitoring and supervising technical security measures to safeguard against cyberattacks
- Monitoring and supervising recording obligations about cyber operation and security incidents.
- Drafting, publishing, updating and implementing emergency response plans against any system vulnerabilities, cyberattacks, computer viruses, data backup policies and procedures, etc.
- Identifying and controlling the security risks of data processing in daily operation, and proposing measures to remove such risks.
- Drafting, publishing, updating and implementing data security policies and solutions, to ensure security in collection, transfer, storage, process, exchange, and destruction of data.
- Collaborating with business units, application/infrastructure teams, and third-party vendors to achieve business goals while maintaining security standard.
- Liaising with the local regulatory authorities, including but not limited to, providing required assistance to local regulatory authorities, reporting cybersecurity incidents and taking the lead to handle such incidents.
To be successful in this role you will ideally have:
- A minimum of 10-12 years of information security experience
- Understanding of data security, cybersecurity and data privacy laws and regulations.
- Good knowledge in common security frameworks, e.g. ISO27001, NIST, COBIT.
- Recognised industry certifications, e.g. CISSP, CISA/CISM/CRISC, CIPP/CIPM/CIPT, PMP, ITIL
- At least one cycle of MLPS certification, strong knowledge of China Cyber Security laws and regulations
- Working knowledge of various security technologies
- High proficiency in English and Mandarin
If working with the best in an exciting and rewarding team environment appeals to you then we want to hear from you. Please attach your CV to your application.