Director, Information Security Risk

POSITION SUMMARY:

The primary purpose of this position is to safeguard information system assets by identifying and solving potential and actual security problems in the region.

PRIMARY RESPONSIBILITIES/ACCOUNTABILITIES OF THE JOB:

• Strategize the integration of China cyber security requirements to improve the security of the environment based on business use cases or changes in threat landscape.
• Strategize initiatives to streamline security operations and adopt new capabilities in the region to ensure regulatory adherence.
• Perform presentations to various regulatory bodies, IT functions and senior IT management teams.
• Promote security awareness to ensure system security and to improve compliance posture and capabilities.
• Direct the overall PVH Security China program, including creation of security patterns, guidelines, and system hardening requirements.
• Collaborate with global teams and communicate country risks to global leadership teams.
• Manage and oversee risks associated with Information Security Policies for China.
• Manage and oversee China's security requirements and collaborate with business leaders in the region.
• Lead the Information Security Risk Management function, including project security review, vendors risk review, and security awareness functions.
• Ability to lead teams and work with cross-functional team in a matrix and global setting.
• Collaborate with Compliance and Legal teams for security control requirements and implementation for current (e.g. PIPL and PCI) and new regulations, including onsite assessments and self-assessment questionnaires as required.
• Liaise with key business stakeholders to influence business strategy and initiatives from an overall Information Security perspective.
• Be the primary contact for problem-solving Information Security Risk queries and concerns for China.
• Translate Information Security Risk to business impact statements.
• Lead the implementation of information risk management principles as part of the various front line IT projects, i ncluding reviews of all new 3rd parties and vendors
• Lead the security review of vendor contracts for key security clauses and implications.
• Provide advice and guidance on information risk matters involving legal or regulatory matters; escalates to senior leadership.
• Develop guidance and assist in the identification, implementation, and maintenance of organization information privacy policies and procedures in coordination with organization management and legal counsel.
• Work with key business and IT teams to promote security initiatives, best practices, and general security awareness.
• Manage and develop cross-functional teams to drive global capabilities that comply with local risk and compliance requirements.
• Development of Cyber Risk metrics and reporting, focused on active Cyber Risks as well as the efforts and results of the team.
• Maintain technical knowledge by attending educational workshops, and seminars and reviewing publications.

RESOURCEFULNESS/CREATIVITY:

A high degree of resourcefulness and creativity is required in this position to be able to meet the challenge of a constantly changing business needs and threat landscape. Develop new and exciting security awareness training content that is relevant to the business. Create new performance metrics to identify key risk indicators within the security department

QUALIFICATIONS & EXPERIENCE:

Experience:

• 10 years of experience in information security or risk management role
• Experience managing and mentoring direct reports and staff
• Experience reviewing contracts for information security requirements and concerns.
• Experience in the security aspects of multiple platforms, operating systems, software, communications, and network protocols

Education:

• Bachelor's degree or above.
• Post-Graduate or relevant certifications are considered a plus.

Skills

• Excellent communication skills and strong presentation skills
• Self-Starter
• Professional and cooperative attitude
• Team player, able to work with other members of the IT and business teams.
• Thorough understanding of control and risk management concepts and knowledge of the operational aspects of the information risk business is required.
• Payment Card Industry Data Security Standard and the associated compliance requirements for a Level 1 merchant.
• Prior experience working on Cyberspace Administration of China (CAC) assessments and working with cross-border data transfer projects is desired.
• Ability to be conversant in Mandarin is preferred.

Other

• Candidate will be required to submit to background check (pre-employment, criminal, credit history, and references).
• Candidate will be required to be sensitive to PVH confidential and proprietary information.