Regional Information Security Manager

  • Permanent contract (CDI)
  • China
  • Shanghai
  • Information Systems
  • Minimum 6 years
  • Hermès China

General Role

The Regional Information Security Manager's role is to ensure the streamlined alignment of the Group and Region for all Information Security and IT Security matters. He/she is responsible for the security and associated compliance aspects in his/her region.


  • The primary purpose of this role is to ensure strong regional alignment with the Global CISO team/strategy and promote any regional requirements for integration in the Global Information Security strategy.
  • The secondary purpose of this role is to manage and deliver several Cybersecurity Transformation Program activities that fall within this domain. All SecOps aspects, such as day-to-day operations, patch and vulnerability management or security architecture design, are part of it.
  • The third purpose of this role is to become a credible and recognized Information Security Single Point Of Contact (SPOC) across the region, able to influence at Senior level, educate the business functions, and interact successfully with all oversight functions (risk, audit, legal…) and local regulators.

Main responsibilities

  • Be the Regional entry point for the Global Cybersecurity team and the local functions for IT Security and Information Security.
  • Provide Cybersecurity consultancy and advisory on cross-functional initiatives and special initiatives that occur as a result of an ad-hoc request received from the Business, the regulator or the IT Team.
  • Ensure the adoption of and compliance with the Hermès Information Security Policy as well as the global Information Security processes and tools.
  • In close collaboration with the Audit and Risks department team, be the local point of contact for all auditors (internal or external) and coordinate and/or lead the execution of all IT audits.
  • In close collaboration with the Global Cybersecurity team, manage the third-party security assurance and annual re-certification activities for the region.
  • In close collaboration with the Global Cybersecurity team, monitor the IT & Information Security risks at local and regional level.
  • Be a member of the regional incident response team, taking the lead on all Cybersecurity and IT Security matters.
  • Establish, own and manage the Cybersecurity audit framework, leveraging Group tools and processes while ensuring local criteria are in scope.
  • Act as a local business enabler for the Global Cybersecurity team and evangelize IT security by delivering regular training sessions, to ensure that Cybersecurity is seen not as a blocker but as a partner to endeavors and goals.
  • Own the delivery of projects and initiatives within the Global Cybersecurity Roadmap, providing tactical project management where necessary and SME guidance where appropriate, and calling on the resources of other teams and departments as required.
  • Act as a collaborator across the CISO team and wider business, sharing knowledge and insight and helping develop individuals.
  • Produce presentations and analysis describing Information Security and CISO team activities for a range of audiences with varying levels of seniority.
  • Manage the Cybersecurity regional annual budget in coordination with the local management as well as the Global CISO.
  • Liaise with other pillars to standardize Management Information (MI) reporting, with ownership of all MI data produced by the Operations pillar. Coordinate the production of MI, reporting packs and presentation materials within the CISO team and communicate the outputs to relevant internal and external parties.
  • Be the contact point with local authorities and consultant partners to monitor and forecast information security regulation trends at regional level, and communicate and share them with the Group security team and Global CISO.
  • Lead and manage local information security activities according to local regulation and policy, such as DengBao (Information Security Class Protect Quantification), the ICP process and Public Security Bureau record, etc.


  • University degree in a technology
  • More than 5 years of Cybersecurity/InfoSec/IT Security experience in a large international organisation
  • Security certifications such as, but not limited to:
      • CISSP
      • CISM
      • CISA
      • CGEIT
      • CRISC
      • ISO 27001/5
  • Knowledge of applicable data privacy practices and laws.
  • Knowledge of network protocols and IT infrastructure.
  • Proven experience working successfully with external service providers.
  • Strong understanding of project management principles.
  • Excellent interpersonal skills.
  • Ability to present ideas in business-friendly and user-friendly language.
  • Highly self-motivated and directed, with the ability to effectively prioritize tasks.
  • Proven analytical, evaluative, and problem-solving abilities.
  • Extensive experience working in a team-oriented, collaborative environment.
  • Excellent English written and oral communication skills. French is a plus.
  • Regular travel is required.