Director, Information Security, Asia

We believe that difference sparks brilliance, so we welcome people and ideas from everywhere to join us in stretching what's possible.

At Tapestry, being true to yourself is core to who we are. When each of us brings our individuality to our collective ambition, our creativity is unleashed. This global house of brands - Coach, Kate Spade New York, Stuart Weitzman - was built by unconventional entrepreneurs and unexpected solutions, so when we say we believe in dreams, we mean we believe in making them happen. We're always on a journey to becoming our best, but you can count on this: Here, your voice is valued, your ambitions are supported, and your work is recognized.

A member of the Tapestry family, we are part of a global house of brands that has unwavering optimism and is committed to being innovative and wholly inclusive. Visit Our People page to learn more about Tapestry's commitment to equity, inclusion, and diversity.

Dir. / Senior Manager - Information Security - Tapestry Asia

This position will be in charge of data protection and information security management for Tapestry Asia, taking the responsibility of overall data protection and information security management within Tapestry Asia, with heavy focus in China.

Areas of Focus:

• Act as the primary representative of information security in Tapestry Asia to respond inquiries and requests from local competent authority regarding data protection and information security topics.
• Ensure the implementation, enhancement, monitoring and enforcement of data protection and information security strategies and requirements - in-line with corporate policies & regional requirements.
• Coordinate communications with internal key stakeholders, external third parties and where applicable, local data protection related authorities.
• Coordinate data and security incident response activities with IT, Legal and other partners to ensure timely response and in-compliance with local requirements.
• Partner with Legal & Privacy team to support privacy related work within IT.
• Exhibits exceptional written and verbal communication skills, with a proven ability to translate security and risk to all levels of the business in technical and non-technical terms
• Position with Report to Tapestry Chief Information Security Officer with a dotted-line accountability with regional leadership team.

Key Responsibilities:

• Lead to develop, update, and maintain data protection and information security policies, standards and procedures to conform to internal best practices and local cybersecurity laws / regulations.
• Serve as the regional information security expert & decision maker regarding the evaluation, procurement, and deployment of security-related products
• Responsible for coordinating, aligning and translating business requirements and security generally accepted practices (e.g., risk-based practices) into security-based project plans and deliverables (e.g., standards, controls, guides, design implementations, runbooks, etc.)
• Define, propose, and coordinate security action plans including organizational, contractual and measures related to applications, infrastructure and IT services.
• Coordinate with internal stakeholders at all levels as well as with external vendors for daily security operations, including but not limited to access control, data classification, backup, encryption, etc.
• Ensure that data protection and information security risks are appropriately addressed, including performing information security risk assessments of infrastructure or application implementation for new project or modification to existing technology, coordinating comprehensive risk/impact assessment (e.g. security controls implemented, data protection, access control, cross-border data transfer, data sharing and disclosure, sensitive personal information processing, etc.).
• Review periodical security risk assessment results and ensure timely completion of remediation activities
• Coordinate completion of information security & privacy awareness training.
• Lead data and security incidents investigation and prioritize incident handling, report to the authority on data and security incident as required.
• Work closely with information security team members & peers in the global organization.

Technical & Professional Skills:

• Education: Bachelor or above of Engineering or equivalent, majoring in Computer Sciences or engineering, or information security preferred.
• Experience: Minimum 10 years of IT experience, out of which 5 years with IT Security, serving automobile industry is a plus.
• Stay current on solution vulnerabilities and provide tailored security recommendations to maximize business usability and solution security.
• Thorough understanding of information security frameworks such as NIST CSF, ISO-27001 and / or NIST 800-53, or equivalent.
• Comprehensive understanding on data governance, familiar with data security system and technology. Experience in data protection and information security system establishment, including as data security governance, information security management, personal information protection, etc. is preferred.
• Understand key cloud architecture principles, APIs, as well as appropriate enterprise data handling practices.
• Solid understanding of Identity & Access Management principles, Endpoint Security, Data Protection standards, network security technologies & application security.
• Good understanding of Operating Systems including Windows, Linux, iOS, Android, etc.
• Guide root cause analysis, debugging, support, and post-mortem analysis for any service interruptions.
• Fluency (written, spoken and read) in Mandarin Chinese and English; the ability to understand and translate technical documentation from Mandarin Chinese to English, vice versa is required.
• Proven knowledge domestic and foreign data protection and information security compliance requirements, and familiar with the laws, regulations and related to cybersecurity, data security and personal information protection.
• Strong communication skill and teamwork skill, able to effectively communicate with cross-functional teams and vendors, both written and oral communication is critical.
• High energy level, comfortable performing multiple projects in conjunction with day-to-day activities.
• Ability to work under pressure and with multiple stakeholders
• Superior interpersonal abilities. Ability to get along with diverse personalities, tactful, flexible.
• Ability to tactfully and effectively work on confidential matters
• Certifications: Information security related certification (e.g. CISP 注册信息安全 专业 人 员 , CISSP, CISM, CISA, ISO27001, ITIL) is desirable but not a must.
• Ability to work flexible hours.
• Retail company experience a plus

Our Competencies for All Employees

• Courage : Doesn't hold back anything that needs to be said; provides current, direct, complete, and "actionable" positive and corrective feedback to others; lets people know where they stand; faces up to people problems on any person or situation (not including direct reports) quickly and directly; is not afraid to take negative action when necessary.
• Creativity : Comes up with a lot of new and unique ideas; easily makes connections among previously unrelated notions; tends to be seen as original and value-added in brainstorming settings.
• Customer Focus: Is dedicated to meeting the expectations and requirements of internal and external customers; gets first-hand customer information and uses it for improvements in products and services; acts with customers in mind; establishes and maintains effective relationships with customers and gains their trust and respect.
• Dealing with Ambiguity : Can effectively cope with change; can shift gears comfortably; can decide and act without having the total picture; isn't upset when things are up in the air; doesn't have to finish things before moving on; can comfortably handle risk and uncertainty.
• Drive for Results: Can be counted on to exceed goals successfully; is constantly and consistently one of the top performers; very bottom-line oriented; steadfastly pushes self and others for results.
• Interpersonal Savvy : Relates well to all kinds of people, up, down, and sideways, inside and outside the organization; builds appropriate rapport; builds constructive and effective relationships; uses diplomacy and tact; can diffuse even high-tension situations comfortably.
• Learning on the Fly: Learns quickly when facing new problems; a relentless and versatile learner; open to change; analyzes both successes and failures for clues to improvement; experiments and will try anything to find solutions; enjoys the challenge of unfamiliar tasks; quickly grasps the essence and the underlying structure of anything.

Our Competencies for All People Managers

• Strategic Agility : Sees ahead clearly; can anticipate future consequences and trends accurately; has broad knowledge and perspective; is future oriented; can articulately paint credible pictures and visions of possibilities and likelihoods; can create competitive and breakthrough strategies and plans.
• Developing Direct Reports and Others : Provides challenging and stretching tasks and assignments; holds frequent development discussions; is aware of each person's career goals; constructs compelling development plans and executes them; pushes people to accept developmental moves; will take on those who need help and further development; cooperates with the developmental system in the organization; is a people builder.
• Building Effective Teams : Blends people into teams when needed; creates strong morale
  and spirit in his/her team; shares wins and successes; fosters open dialogue; lets people finish and be responsible for their work; defines success in terms of the whole team; creates a feeling of belonging in the team.

Tapestry, Inc. is an equal opportunity and affirmative action employer and we pride ourselves on hiring and developing the best people. All employment decisions (including recruitment, hiring, promotion, compensation, transfer, training, discipline and termination) are based on the applicant's or employee's qualifications as they relate to the requirements of the position under consideration. These decisions are made without regard to age, sex, sexual orientation, gender identity, genetic characteristics, race, color, creed, religion, ethnicity, national origin, alienage, citizenship, disability, marital status, military status, pregnancy, or any other legally-recognized protected basis prohibited by applicable law. Visit Tapestry, Inc. at http://www.tapestry.com/