Information and Cyber Security Officer for China

Willis Towers Watson (Shanghai, China) Posted 24 days ago

This role will support the delivery of the Information and Cyber Security Compliance function and will therefore include activities such as:

Regulatory Requirement Mapping

  • Translate complex regulations into clear, easily understood regulatory requirements and desired outcomes.
  • Map regulatory requirements across regulations against internal policies and controls.
  • Establish control assurance against internal policies, controls and regulatory requirements.
  • Conduct gap assessments.

Monitoring Compliance

  • Track regulatory compliance and maintain up-to-date records of regulatory requirements and corresponding mitigating controls.
  • Ensure that Information and Cyber Security policies comply with regulations; work with the Policy and Standards Team when policies need to be updated or created.

Information and Cybersecurity Compliance Program

  • Assist in implementing the various ICS Compliance programs and their reporting.
  • Assist in the implementation, alignment, maintenance and monitoring of controls following Information Security standards and frameworks such as ISF, ISO 27001, PCI DSS, SOC 1/2 and COBIT.
  • Provide input and assist in shaping and improving the Information and Cyber Security Compliance framework and processes.

Cross-Functional Collaboration

  • Coordinate with other compliance functions, such as Audit and Legal (Compliance and Privacy), to track compliance across the organization and pool expertise on vague or complex regulatory requirements.
  • Work with business units to ensure controls are effective and appropriately address the relevant regulatory requirements.
  • Assist in interfacing with relevant authorities, regulators and auditors, and in attesting to and demonstrating compliance during compliance assessments and/or audits.
  • Support and liaise with other ICS functions, such as Client Assurance, Supplier Risk, ICS Projects and Security Consultancy, for the China business entities.

Skills and experience required:

  • Technical expertise and experience in implementing security controls
  • Demonstrable experience in analyzing and applying regulatory requirements to security practices
  • Familiarity with China's IT, security and privacy related regulations, such as the China Cybersecurity Law, the Multi-Level Protection Scheme (MLPS), cross-border data transfer requirements and the associated national standards.
  • Familiarity with other Information Security and Data Privacy regulations in Asia Pacific and EMEA is preferred, such as but not limited to GDPR, FCA requirements, Australia CPS 234 and the Philippine Data Privacy Act.
  • Familiarity with changes and trends in the regulatory landscape.
  • Demonstrable ability to lead and execute across a range of business and functions with differing issues and interests.
  • Sound knowledge of the implementation of, and compliance with, Information Security industry best practices and standards, including but not limited to ISO 27001, ISF, COBIT, PCI DSS and SOC 1/2/3.
  • Strong Project Management skills and experience
  • Excellent writing, presentation, and communication skills
  • Experience with IT audit functions and IT controls is preferable.
  • Proven ability to work in global collaborative group environment
  • Experience of working with a high degree of autonomy, managing own workload and delivering to tight timescales
  • Proven excellence in PowerPoint presentations for reporting process metrics and delivering KPIs.
  • Excellent analytical problem-solving skills
  • Knowledge of IT operations and/or system or network administration
  • Experience of working in a regulated environment (not necessarily insurance or financial services) is preferable.
  • Knowledge of risk assessment processes, methodologies and frameworks such as IRAM, ISO 27005 and ISO 31000.


  • Strong desire to continue to learn
  • Resourcefulness and organisational agility
  • Global team player with good interpersonal and influencing skills
  • Customer Focus/ Relationship Management
  • Personal learning
  • Organized and methodical
  • Integrity and Trust


  • Qualified to degree level, in IT or security related subject.
  • At least 7 years’ work experience in Information Security.
  • Information security certifications (e.g. CISSP, CISA, CRISC, CISM) are preferable.
  • Project Management certification (e.g. PMP) is also preferable.
  • Fluency in spoken Chinese and English is REQUIRED.
  • Ability to speak another non-English Asian language (e.g. Japanese) is preferred.


Technology