Security & Compliance (PIPL, DSL, CSL)
- Requires exceptional knowledge of security standards and advanced knowledge of related disciplines, and applies these skills to ensure the Business Units in China meet their goals.
- Creates an environment where innovation is standard, taking appropriate risks to advance innovative processes.
- Interpret China regulatory requirements and translate them into actionable IT controls.
- Ensure personal data of Chinese citizens is localized within Mainland China.
- Establish and maintain security policies, compliance documentation, and audit evidence.
- Provide guidance on cross-border data transfer approvals, security assessments, and contractual obligations.
Cloud Infrastructure Security
- Manage cloud accounts in AWS China, Azure China, or equivalent providers.
- Implement and maintain IAM, KMS, encryption, VPC security, logging, and monitoring.
- Conduct regular vulnerability assessments, patch management, and threat detection.
- Ensure secure backup, recovery, and disaster recovery solutions are in place.
Separation of Duties & Access Control
- Enforce strict RBAC policies between global and local teams.
- Review and audit privileged access accounts.
- Ensure compliance with least privilege principles and monitor access logs.
- Drive remediation of any separation of duties violations.
Collaboration with Local Application Teams
- Work with China application and infrastructure teams to ensure compliance controls are built into solutions.
- Review application architectures for data residency and PIPL compliance.
- Support secure SDLC and cloud-native security practices.
Audit & Risk Management
- Act as the primary point of contact for internal and external auditors in China.
- Conduct and support periodic compliance reviews and penetration tests.
- Track findings and ensure timely remediation.
- Develop and maintain compliance dashboards and risk registers.
Global Collaboration
- Align China-specific compliance requirements with global security policies (ISO 27001, NIST, GDPR).
- Share regular updates, risks, and compliance status with global leadership.
- Support global security projects while ensuring China regulatory requirements are not compromised.
BASIC QUALIFICATIONS
- Education: Bachelor’s degree in Computer Science, Information Security, or related field.
- Experience: 4+ years in cloud security, compliance, or audit roles.
- Technical Skills:
  - Hands-on with AWS China / Azure China security features.
  - Strong knowledge of IAM, encryption, SIEM, CSPM, DLP, vulnerability management.
  - Familiar with DevSecOps practices.
- Compliance Knowledge:
  - Deep understanding of China PIPL, DSL, CSL.
PREFERRED QUALIFICATIONS
- Experience with ISO 27001, GDPR, SOC2, or equivalent frameworks is a plus.
- Soft Skills:
  - Strong stakeholder management and communication skills.
  - Ability to work with both local Chinese teams and global counterparts.
  - Fluent in Mandarin and English.
Work Location Assignment: On Premise
Pfizer is an equal opportunity employer and complies with all applicable equal employment opportunity legislation in each jurisdiction in which it operates.
Information & Business Tech