In this highly visible role, the Principal Security Engineer will act as the Information Security Officer (ISO) responsible for planning, organizing and executing enterprise-wide information and infrastructure security related initiatives for business units and infrastructure operating out of China. This includes, but is not limited to, strategies in support of all security policies, use of appropriate security tools, and of all product development and Solution Platforms from a security perspective. In addition he/she will advise senior leadership on local Chinese regulations and matters of law, set tactical direction and manage the operations of the information security functions aligned within a respective business unit, and oversee the implementation of Security Framework standards and initiatives. The BISO will be working with a collaborative group of individuals across all business units including Elsevier and RELX Security groups to ensure access, asset and overall Security tools are effectively being utilized and deployed across the enterprise.
The BISO is expected to drive the change and strategy execution required to achieve specific business results from a security perspective and ensure BU actions and strategies do not unknowingly alter the security posture of the BU, Elsevier or RELX. This role delivers outcomes, longer term improvements and benefits that are measurable and impact the achievement of organization goals, focusing on risk management and enhancing the cybersecurity defenses of the engaged business units in APAC, including entities such as Corp Markets, Clinical Solutions, Research Applications, Content & Data Technology, Business Technology Solutions and Technology Infrastructure.
The BISO incorporates broad knowledge to address complex and critical issues and is not intimidated to find new and innovative ways to solve complex security challenges. Creates value and opportunity; has an external focus, anticipates new trends, emerging risks and organizational needs. Works with key executives across the organization to offer and expand the footprint of existing security technology solutions, and leads cross-functional teams to prioritize initiatives, investments and projects. The role serves as an expert advisor to senior management, with superior influence and impact.
Reporting to Elsevier’s SVP, Chief Information Security Officer, the individual in this role will:
- Provides a critical liaison role between the business unit leadership and Elsevier Cyber Security organization significantly enhancing the level of collaboration, effective communications, and alignment of goals, strategies and plans.
- Drive information and infrastructure security awareness and governance deep into the organization, aligning Business & Technology units with enterprise cybersecurity programs and objectives
- Maintains key understanding of Chinese technology compliance regulations, especially as they apply to foreign technology hosting.
- Significantly contribute to the adoption and lead implementation of security solutions, tools and monitoring to mitigate cybersecurity risks, and maintain the confidentiality, integrity and availability of BU's information systems and data
- Define the information and infrastructure security needs of the BU's utilizing a risk-based approach. Develop goals, training recommendations, strategies, plans, and success criteria needed to achieve the vision.
- Bring cybersecurity skills and risk management knowledge to bear on key projects in support of the BU's goals, strategies and initiatives
- Design and participate in exercises and assessments to test the overall readiness of the BU's to prevent security issues and interpret overall Risk within the BU
- Develop and report BU metric scorecards to reflect the level of adoption and compliance to security policies / standards, remediation of vulnerabilities, and residual risks. Efficiently liaise with customers, or provide applicable reports, as requested to provide appropriate assurance regarding the security of a BU’s products and services.
- Nationalize and evangelize new security tools, cyber training opportunities, reports and processes.
- Work closely with the remediation team and Internal Audit to align all activities for addressing findings and exceptions.
- Provides actionable insight and understanding to resolve conflicts relevant to enhancing the local cybersecurity posture, and builds recommendations and consensus amongst key stakeholders to address barriers to achieving desired results.
- Assist in the identification and elimination of duplicative efforts; accelerate sharing of best practices. Proven ability to influence, implement and execute against the plans through cross-functional teams.
- Apply expert knowledge in data protection, 3rd party management and risk mitigation techniques – especially as they relate to Chinese regulation, privacy and legal matters.
- Demonstrate the ability to clearly articulate risks to executive management balancing business benefits with cybersecurity risks
- Consistent exercise of independent judgment and discretion in matters of significance.
- Ability to successfully collaborate with multiple technical functions in the areas of security, infrastructure, technical operations, training, software engineering and customer support.
- Communication superstar; strong communication (verbal and written) and customer service skills. Strong interpersonal and presentation skills applicable to a wide audience including senior and executive management, customers, etc., including diction/terminology and presenting information in a concise and effective manner to clients, management, and various departments using assorted communication mediums.
- Highly fluent in both Chinese and English languages
- Organizationally savvy, successfully navigates complex and highly matrixed organizations
- Strong understanding of Chinese compliance and governance initiatives.
- Strong organization/project planning, time management, and change management skills across multiple functional groups and departments, and strong delegation skills involving prioritizing and reprioritizing projects and managing projects of various size and complexity.
- Keen reader of people, culture and trends; builds the relationships to make things happen.
- Strong problem-solving experience involving leading teams in identifying, researching, and coordinating the resources necessary to effectively troubleshoot/diagnose complex project issues; prior success extracting/translating findings into alternatives/solutions; and identifying risks/impacts and schedule adjustments to facilitate management decision-making.
- Data analytics skills
- Creates value and opportunity by leveraging innovative approaches
- Takes ownership for team's execution and getting things done
- Personally invests in driving superior results
- Acts collaboratively and decisively with a "one Team" mindset
- Simplifies complexity wherever possible; cuts through the noise and defines a clear path
- Challenges teams to focus and perform at their peak
- Assembles strong, diverse teams to deliver results and to encourage and respect new ideas and challenges
- Ability to develop and implement security programs.
BS in technical filed is minimum
Certifications: Professional security management certification such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials is preferred
Generally requires 12+ years related experience
Required Travel: Up to 25%, ability to travel within the BU's geographic area- position is based in Shanghai China. Occasional travel to the UK and US.
Elsevier is an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law. If a qualified individual with a disability or disabled veteran needs a reasonable accommodation to use or access our online system, that individual should please contact 1.877.734.1938 or firstname.lastname@example.org.