Cyber Security Manager - Shanghai

Shanghai (CN)
Up to 450,000 RMB
28 Jun 2017
28 Jul 2017
Contract Type
Full Time
25-50% Travel

Cyber Security / Information Security Manager - Shanghai

My client, a multinational consumer electronics manufacturer with global revenues of $30 billion, is seeking a Cyber Security Manager to be based in Shanghai.

As Cyber Security Manager, you will be part of a well-established global Internal Control function, with the opportunity to build a Cyber Security team and define security strategies. You will be responsible for defining global security strategies and setting up risks and controls to improve information security across the business worldwide. The Cyber Security Manager will also be responsible for future recruitment within Cyber Security.


This is a role where no two days are the same – so you’ll find yourself taking on plenty of new responsibilities as you go. You’ll work alongside internal clients and colleagues, balancing your time between developing I security strategies, advising stakeholders, providing workshops and coaching staff.

  • Provide guidance and share knowledge with team members and participate in performing procedures especially focusing on complex, judgmental and/or specialized issues. Work with the team and the internal client to create plans for accomplishing engagement objectives and a strategy that complies with professional standards and addresses the risks inherent in the engagement.
  • Brief the engagement team on the internal client's IT environment and industry IT trends. Maintain relationships with internal client management to manage expectations of service, including work products, timing, and deliverables. Demonstrate a thorough understanding of complex information systems and apply it to internal client situations.
  • Use extensive knowledge of the internal client's business/industry to identify technological developments and evaluate impacts on the internal client's business. Demonstrate excellent project management skills, inspire teamwork and responsibility with engagement team members, and use current technology/tools to enhance the effectiveness of deliverables and services. Understand Haier and its platform and actively assess what the firm can deliver to serve internal clients.
  • Information Security domains - in particular one or more of the following: Cyber Program Management, Cyber Threat Management, Identity & Access Management, Data Protection, Privacy, Organisational Resilience. This experience should include advisory, implementation and operational experience.

Skills and attributes for success

  • At least 4 years' experience within Cyber Security
  • Equipped with security knowledge and experience of related projects in technical IT domains such as operating systems, networks, databases, cloud or solution development
  • Equipped with knowledge in assessing solution architectures at the planning and design level for security issues and vulnerabilities
  • Significant experience in practical security vulnerability remediation
  • Experience in having applied relevant technical knowledge in at least one of the following engagements: (a) financial statement audits; (b) internal or operational audits; (c) ISAE 3402 engagements; (d) ERP security and controls reviews (Oracle, SAP, PeopleSoft); (e) SOX integrated audits; and/or (f) application of data analytics for business process reviews (e.g., ACL, IDEAL, SQL, Tableau, Spotfire)
  • Strong technical security skills in assessment, design, implementation, architecture, and program / project delivery, and the ability to work across various delivery models (Waterfall, Agile, DevOps)
  • Willingness to travel up to 50% throughout China (and overseas when required)
  • Fluent in English and Mandarin
  • Strong project management skills and able to manage a portfolio of engagements
  • Advanced written and verbal communication skills and presentation skills
  • Excellent leadership, teamwork and client service skills
  • Demonstrated integrity within a professional environment

Ideally, you’ll also have

  • Industry-related certification preferred (e.g. CISSP, CISA, CISM, SABSA, PRINCE2, TOGAF, ITIL).
  • CPA, CA, CISA, CISSP, CISM, CBCP, CIA, CIPP, CGEIT or certification is desired; non-certified hires are required to become certified within 1 year from the date of hire. Based on an individual's professional background, area of specialization, or industry focus, we recognize that other certifications, credentials, or experience may be more relevant than the listed certifications
  • Solution Level Certifications, OSCP, CREST, GIAC would be advantageous, as well as penetration testing experience