Data Security Officer
JOB PURPOSE
The Data Security Officer (DSO) is responsible for ensuring the company meets its obligations under DSL, CSL and cross-border data transfer laws. The DSO provides expert advice, guidance and direction, and supports the necessary standards and controls to enable the company, including its employees and relevant third parties, to manage data security controls and comply with legal obligations. The DSO oversees all ongoing activities related to the development, implementation and maintenance of data security policies and programs in accordance with applicable laws, regulations and Tech policies, and provides strategic direction regarding existing and emerging data security laws. Ultimately, the DSO should facilitate Cybersecurity Law and Data Security Law compliance through transparent data privacy policies, systems and procedures.
DUTIES & RESPONSIBILITIES
1. Track updates to the DSL & CSL and related regulations and security measures. Lead the assessment of newly published detailed rules/regulations and work out related strategies to ensure AZ China Commercial meets DSL & CSL regulatory requirements.
2. As the Data Security Officer, responsible for the supervision of the compliance of local data security processes with global standards and local legal requirements.
3. Work with the global Data & Information Governance team to ensure global data governance policies/standards/guidelines do not conflict with China DSL & CSL regulatory requirements.
4. Responsible for the implementation of processes related to the safe storage, de-identification, encryption, access control and periodic deletion of personal information throughout its life cycle.
5. The DSO owns local policies and processes on data security regulation and data security technical controls, and is responsible for awareness training related to local data security policies and processes.
6. Collaborate with other departments to ensure that data security requirements are integrated into business processes and practices.
7. The DSO should work with the DPO (Data Privacy Officer) on all CBDT related matters and act as the main contact person for external queries.
8. Review and approve data security related risks of AZ China Commercial and drive the remediation of the risks.
9. Work together with the data privacy officer, cyber security protection officer and global security to handle data security related incidents and manage internal and external communication, ensuring we meet DSL & CSL regulatory requirements.
10. Take the role of PM, collaborating with stakeholders of CBDT in-scope systems on all related information collection and possible remediation execution.
JOB REQUIREMENTS & COMPETENCIES
1. Computer Science or information management background is a must
2. Bachelor’s degree or above, over 8 years’ experience and track record in data governance and data privacy with solid digital & tech knowledge.
3. Comprehensive knowledge and experience of Data Privacy and Information Security
4. Relevant data privacy or privacy certification such as CIPP (preferred)
5. Solid knowledge of the Cybersecurity Law, Personal Information Protection Law and Data Security Law of the People's Republic of China
6. Familiar with cyber security GRC and data life cycle management
7. Familiar with the pharmaceutical company business model and personal data types. Familiar with HGR regulatory requirements
8. Corporate experience and compliance experience are highly preferred
9. Ability to develop and deliver training materials
10. Strong written and verbal communication skills
11. Fluent in both written and spoken English/Mandarin.
Essential
- 5+ years’ experience working for Pharmaceutical MNCs.
- Proven experience on projects with global collaboration
- Proven ability to establish and maintain a high degree of confidentiality, respect, trust and credibility at all levels.
- Experience in communicating, interacting, and maintaining good working relationships with supervisory authorities.
- Well-developed and professional interpersonal skills; ability to interact effectively with people at all organizational levels.
- Ability to work unsupervised, exercise leadership and influence change.
- Ability to use independent judgement and discretion when making decisions.
Desirable
- Overseas working experience is highly preferred
- PMO experience is preferred
- Enterprise level security management experience is preferred.
AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorisation and employment eligibility verification requirements.