Work Location:
CN (Guangzhou, Shanghai)
FedEx Information Security (InfoSec) ensures the security of the enterprise systems and data, through business agility, system reliability, and information security controls to enable the business to deliver the Purple Promise. The Global InfoSec team strives to protect the enterprise from cyber threats, secure business operations, and ensure global regulatory compliance.
APAC (Asia Region) Information Technology (IT) InfoSec team is responsible for developing regional specific security patterns and secure Enterprise services that will be hosted locally to meet regulation requirements and liaise between the business, IT, and regulatory authorities to help both parties understand security nuances and compliance requirements. The team will also work with internal customers and the global InfoSec team to improve availability of infosec services for the AMEA region.
Job Descriptions:
The roles and responsibility have been described as follows:
Key Responsibilities
● Develop with limited supervision, maintain, and improve security patterns specific to the AMEA region based on regulatory compliance requirements and business and IT needs.
● Understand regulatory compliance requirements and track implementation by country.
● Understand and roll out InfoSec standards globally and provide enforcement reporting to the business, IT, and InfoSec leadership.
● Develop relationships within InfoSec, IT, and the business to act as a liaison to increase the security posture in region.
● Act as vulnerability reporting and remediation lead.
● Provide support for Information Security FIRST process including advising and issue tracking remediation.
● Provide the business advice and support execution of the strategies, plans, and tasks developed by Data Security Committee.
● Maintain the personal data inventory.
● Support the performance of global Information Security assessment project.
● Support the business in performing Data Protection Impact Assessments.
● Provide advice and guidance on data privacy measures based on the outcome of the impact assessments.
● Provide risk based assessments for decision-making guidance to the leadership team on both cyber security and regulatory issues.
Training and awareness
· Design, develop and roll out the information security and privacy elementary training module.
· Support the Manager to design, develop and roll out targeted awareness trainings for specific groups.
· Work with Internal Communication to prepare privacy newsletters and other awareness campaigns.
· Develop, with limited supervision, communication material to increase awareness.
This role is focused on delivery management, and therefore needs to be able to work at many levels. You will help the business to achieve compliance, data protection, and effective information management in accordance with the regulations including General Data Protection Regulation (GDPR), Cyber Security Law (CSL), Data Security Law (DSL), Personal Information Protection Law (PIPL), and other applicable data protection laws and regulations.
1. Geographic Remit – AMEA
2. May be required to perform other duties as assigned.
Requirement:
● Preferably Bachelor's degree or equivalent in Computer Science or related discipline
● Proficiency in English comprehension
● Proficiency in Mandarin comprehension
● Preferably with minimum 3 – 5 years of work experience especially in application support, cyber security, or regulatory compliance
● Preferably have Analytical Skills; Planning