Description
Control Risks is currently looking for an experienced Cybersecurity Consultant to be embedded with our client, a global FMCG business, based in Shanghai, China. This role will play a key part in the ongoing improvement to the client’s cybersecurity risk management program in China.
This position will be hired as an initial 1-year contract, with scope for further extension.
Key responsibilities will include:
Cybersecurity compliance for China’s technology and information handling regulations;
• Support for MLPS2.0 compliance activities.
• Support for PIPL and DSL compliance.
Cybersecurity governance;
• Formal identification of cybersecurity risks for the Client’s senior leadership.
• Compliance with to-be-developed information and cyber security policies and procedures (expected as part of the program development workstream), which should include:
• Cyber security risk identification and support for risk management.
• Development and tracking of vulnerability management program.
• Provide cybersecurity review for change management actions.
• Status of systems against technical standards and requirements (expected as part of the program development workstream).
• Development and practicing of cybersecurity incident management planning.
• Tracking of access grants to critical systems.
Cybersecurity operations;
• Receipt of electronic system alerts for events that may become security incidents.
• Spot checks of logging for critical systems and functions.
• Review location, status, and scope of offline and online backups.
• Current status of updates and patches for systems.
• Review of cybersecurity testing such as phishing tests, penetration test, vulnerability scans and cybersecurity health ratings (this depends on the services and systems that the Client has available).
• Support for incident response as needed and in conjunction with Control Risks’ services.
• Documenting of cybersecurity near-misses and, should they occur, cybersecurity incidents.
• Support for ongoing cybersecurity training of Client staff and acting as a champion for cybersecurity in the organisation.
Monthly, quarterly, and annual reporting and the ongoing documentation of cybersecurity program activities;
Cyber security program development, including gap analysis and remediation, development of policies and procedures, and the development of relevant communication and training materials.
• Undergraduate degree in a field related to security, information security, intelligence, or computer science.
• Suitable industry certification such as CISSP, CISM, CRISC, SANS, CEH, etc.
• Experience of Cyber Security Law compliance program implementation and demonstrable experience operationalising regulatory requirements.
• Good knowledge of IT, network infrastructure and security architectures/solutions.
• Ability to communicate clearly in written and oral English and Chinese at senior levels.
• Able to explain difficult technical concepts and ideas in non-technical terms to colleagues and to clients.
• Knowledge of Azure, Microsoft Security, and technology services.
• Good understanding of regional political and social issues that may drive or otherwise impact cyber security risks.
• Want to be in a fast paced, innovative, and highly stimulating environment.
• Are flexible in challenging situations, and relish teamwork.
• Able to work independently under managerial guidance.
• Control Risks offers a competitively positioned compensation and benefits package that is transparent and summarised in the full job offer.
• We operate a discretionary global bonus scheme that incentivises, and rewards individuals based on company and individual performance.
• Control Risks supports hybrid working arrangements, wherever possible, that emphasise the value of in-person time together - in the office and with our clients - while continuing to support flexible and remote working.
• As an equal opportunities employer, we encourage suitably qualified applicants from a wide range of backgrounds to apply and join us and are fully committed to equal treatment, free from discrimination, of all candidates throughout our recruitment process.