Director, GRC APAC

POSITION SUMMARY:

The primary purpose of this position is to provide information security leadership in APAC region by safeguarding information systems per risk-based approach and support business management by being a trusted advisor and executor through engagement with various internal and external stakeholders.

PRIMARY RESPONSIBILITIES/ACCOUNTABILITIES OF THE JOB:

• Engage with senior business leaders in the region and support business objectives through security partnership.
  
• Proactively understand the emerging security regulatory and legal landscape in the region and execute needed actions to mitigate company's risk exposure.
  
• Perform security assessments & reassessments on vendor engagements based on security & privacy risk.
  
• Collaborate with business on new project requests and provide guidance with security principles and architecture definitions.
  
• Liaise with external stakeholders to drive PVH's security interests such as high-risk vendors, regulators, security consultants and government authorities.
  
• Promote security awareness culture to ensure system security and to improve security compliance posture and capabilities.
  
• Collaborate with business and functional stakeholders to conduct assessments and external audits for compliance with PCI-DSS standard in the region.
  
• Lead security governance setup in the region and perform risk assessment in collaboration with business stakeholders.
  
• Establish & maintain risk register to monitor and report status of remediation actions, exceptions sought along with compensating controls.
  
• Implement data security control framework aligned with the global approach and ensure its implementation in the region.
  
• Formulate security processes and tailor global security policies to align with legal & regulatory requirements in the region.
  
• Conduct penetration tests for critical assets and targeted networks and drive mitigating actions to improve security maturity.
  
• Collaborate with legal, privacy and business stakeholders to maintain and mature China security compliance i.e. CPCS, CBDT, PIPL etc.
  
• Collaborate with global teams and communicate country risks to global leadership teams.
  
• Be the primary point of contact for Information Security Risk queries and concerns for APAC region.
  
• Partner with key business and IT teams to promote security initiatives, best practices, and general security awareness.
  
• Develop & manage cross functional teams to drive global capabilities that comply with local risk and compliance requirements.
  
• Development of security risk metrics and reporting, focused on active Cyber Risks as well as the efforts and results of the team.
  

DECISION MAKING:

This position requires the candidate to be able to make quality decisions of a risk and technical nature that will affect the security of PVH's information security posture. The candidate is expected to m anage, coordinate, and refine the security program. Review of new vendor contracts for security clauses. Provide strategic risk guidance for IT projects and business projects.

RESOURCEFULNESS/CREATIVITY:

A high degree of resourcefulness and creativity is required in this position to be able to meet the challenge of constantly changing business needs and threat landscape. Develop new and exciting security awareness training content that is relevant to the business. Create customized & cost prudent security solutions supporting business with balanced approach between business enablement & risk exposure mitigation.

ENVIRONMENT:

In-office attendance and off-hours availability will be required for this position.

QUALIFICATIONS & EXPERIENCE:

Experience:

• 10+ years of experience in an information security or risk management role
  
• Experience managing and mentoring direct reports and staff members
  
• Experience reviewing contracts for information security requirements and concerns.
  
• Experience in the security aspects of multiple platforms, operating systems, software, communications, and network protocols
  
• Working knowledge of international security standards such as ISO 27001, NIST, PCI-DSS, SWIFT etc.
  
• Well versed with security and privacy regulations in the region such as CBDT, CPCS, PIPL, DPDP etc.
  

Education:

• Bachelor's degree in Engineering/Computer Science is required and Masters degree is a plus.
  
• Security certifications such as CISSP, CISM, CISA, CCSP etc. are strongly desired.
  

Skills

• Strong communication skills
  
• Strong presentation skills
  
• Self-Starter and motivated
  
• Team player, able to work with other members of the IT and business teams.
  
• Thorough understanding of control and risk management concepts and knowledge of the operational aspects of the information risk business is required.
  
• Payment Card Industry Data Security Standard and the associated compliance requirements for a Level 1 merchant.
  
• Prior experience working on Cyberspace Administration of China (CAC) assessments and working with cross-border data transfer projects is desired.
  
• Ability to be conversant in Shanghainese or Putonghua is preferred.
  

Other

• Candidate will be required to submit to background check (pre-employment, criminal, credit history and references)
  
• Candidate will be required to be sensitive to PVH confidential and proprietary information.