IT program training
A multinational FMCG company based in Guangzhou
Focus on information security: BS10012, ISO27001, P.R.C Cyber Security Law, etc.
About Our Client
My client is a multinational FMCG company operating in over 50 countries and districts in the world. For my client, China is one of its biggest markets, generating over ten billion in revenue per year, and my client is proactively investing in digital transformation projects to boost business growth.
1. Developing and maintaining information security awareness, education and training programs.
2. Developing and maintaining targeted security awareness and training. Identify audiences for more targeted training (e.g. Executives, privileged users, etc.), develop appropriate training and awareness programs for those audiences, and deliver tailored training, such as for OWASP Top10, CyberSecurity Laws and privacy compliance.
3. Developing and reporting mechanisms understanding of information security across the enterprise.
4. Assist with the phishing awareness program and other information security awareness tools and applications, raising awareness of phishing through communications, periodic fake phishes, and phishing training.
5. Assist in the design, implementation, documentation, publishing, maintenance and communication of security controls, policies, procedures, standards and guidelines.
6. Work with the Legal and Privacy team to track and identify compliance requirements of local cyber security laws and regulations, and provide security advisory for gap analysis, risk assessment and remediation.
9. Developing and maintaining the vendor risk management program, including assisting in vendor risk assessment for security terms review for the project team, and assisting in landing the global Vendor Risk Assessment (VRA) process and tools in GCR.
10. Engage in regular risk assessment and remediation based on updated digital asset inventory.
The Successful Applicant
1. Familiar with risk management best practices, international standards and cyber security related laws and regulations, including BS10012, ISO27001, PCI, P.R.C Cyber Security Law, Information Classified Security Protection, etc.
2. Proficient in providing security advisories, solutions or mitigation approaches for inherent risks
3. Experience in understanding and deploying risk management frameworks
4. Excellent written and verbal communication and organizational skills
5. Good written and oral communication in both Chinese and English
6. Good interpersonal skills and project management capability
What's on Offer
1. Attractive salary package and benefit system
2. Clear career progression path