This role is within Information Security and Risk Management (ISRM) and is responsible for the country cyber security program. Key point of contact for all ISRM-related matters, ensuring delivery and support of all ISRM programs and solutions in the country. Works collaboratively with global ISRM and IT functions, local IT teams and local business partners.
Core Job Responsibilities
- Key point of contact at the affiliate/region for all Incident Response related activities and communications. Key liaison with business and IT
- Responsible for gathering the artifacts to facilitate the incident response process and coordinate IT systems remediation – gather logs, gather evidence, take forensic images, isolate any IT equipment impacted and coordinate all needed investigation activities under the direction of the ISRM IR team
- Country/region specific expertise to support ISRM security architecture needs
- Coordinate scanning and identification of vulnerabilities
- Provide guidance on secure SLC and minimal cyber controls for local application development
- Key point of contact for local security architecture design – such as local borders and systems
- Key contact for dawn raids for information security IT-specific actions
- Responsible for identifying and addressing all IT-specific points during or after the dawn raid
- Coordinating operational tasks such as patch management requirements and compliance with ISRM standards
- Ensure application & server owners maintain inventory (CMDB) accuracy.
- Educate business owners on the importance and availability of fully automated patching services, which allow the business to simply select the time/date for security patch installation and server restart without local resource requirement or involvement.
- Key subject matter expert for in-country/region-specific privacy requirements – conducts assessments if needed
- Lead and provide expertise for country/region ISRM training and awareness campaigns
- Responsible for establishing the in-country VRM program under direction of BTS
- Communicate prioritization criteria and help identify vendors with access to sensitive data.
- Responsible for oversight and enforcement of internal security policies and applicable external cyber regulations
- Work collaboratively with local legal teams to protect personally identifiable information (PII)
- Promotes a global ISRM perspective
- Communicate and align ISRM, to Regional and local IT and business management.
- Understands business unit strategy and translates business strategy into an aligned ITSRM strategy of programs, projects and applications
- Builds solid and efficient organizational structure and relationship with Global organization to assure alignment and compliance with Guidelines, policies, roadmaps and procedures.
- Creates a working environment that is motivating and helps collaborators to grow in their positions
Position Accountability / Scope
Reports to the IT Director, Cyber Regional Programs. The scope of this position is country/region specific and considers the information security implications unique to all Abbott divisions when developing governance and risk management strategies. No direct budget responsibility.
• Bachelor's degree in Information Security, Computer Science, or related field
Minimum Experience/Training Required
• 7-10 years of experience is required.
• CISSP certification (or similar) is preferred; knowledge of local regulatory requirements, including privacy and data localization, as well as international regulatory compliance and frameworks such as ISO, NIST, SOX, HIPAA, and PCI DSS, is desired.
Information Risk & Quality Assurance
GIS Global Information Services
China > Shanghai : 388 Nan Jing Road West
SIGNIFICANT WORK ACTIVITIES: