- Information Technology
- Shanghai - China
At Dyson, we demand the highest standard of performance from the technologies we engineer. Our people expect the same from the technology that supports them. We are a community that appreciates and advocates better engineering. A community of pioneers.
Dyson IT is mid-transformation. Our aim, to create robust IT architecture, to manage data effectively and efficiently and continue to grow our world-class team. A team who is strategic, enabling business acceleration, growth and success.
Our Cyber Security team
It’s no secret that our intellectual property is massively critical to our success. But how do we keep it from the prying eyes of the bad guys? Dyson’s Global Cyber Security department works effectively to keep our secrets secret and secure our crown jewels using advanced technologies to stay one step ahead of the game. We take a pragmatic approach, transforming cyber security in order to enhance our business resilience, enable our colleagues to move fast, delight our customers, and better manage potential cyber disruption. Investing in new cyber security capabilities across technology, process, and people, we build on and leverage our strong cyber security ecosystems to tackle future threats.
Our IT Security Risk & Compliance, Enterprise Security and Cyber Defence functions are the beating heart of Dyson’s Cyber Fusion Centre capabilities. Together, they enable the successful delivery of exciting new projects, help existing toolsets remain effective, enable and encourage compliance, balance red & blue team capabilities, and make sure that cyber security incidents are managed in a timely and efficient way.
About the role
Through this role you will provide IT security advices to various teams across the business entities in Greater China region (China, Hong Kong, Taiwan) including IT architects, developers and engineers, programme managers, and business data owners. Your aim will be enabling the business to achieve their goals through effective security solutions and a strong cyber security culture.
You will need to build rapport quickly and project confidence in your actions and recommendations. Throughout your tasks you will need to advice and ensure your recommendation are compliant to the Dyson IT Security standards, applicable industry good practices and local legistations (e.g. China Cyber Security Law), ensuring appropriate security governance are followed, and technologies are adequately implemented and secured.
Alongside the above, you'll also be responsible for the following:
Provide operational management and be accountable for the development, implementation, communication, maintenance and governance in line with the Global IT Security Risk and Compliance framework, Group Cyber Security strategy and supporting roadmap implementatiomn for Greater China region.
Working as part of the IT Security Risk and Compliance team you will become the trusted adviser and steer to Market IT director, Head of IT, IT SMEs and business by pro-actively providing IT risk and compliance leadership and guidance/recommendations to ensure framework, controls and risk mitigations are applied consistently across Dyson’s Greater China region.
Work alongside our Global Head of IT Security Risk & Compliance team to contribute effectively to our Cyber Security Strategy, Governance Framework, and Roadmap. This include close collaboration with Cyber and Group security during incident / crisis when required.
Serve as a security expert and drive IT security risk and compliance assessment, ensure Information Security Management Systems (ISMS) are adhered to for application development, database design and network and/or platform projects, helping project teams comply with IT & Cyber security policies, roadmap, industry regulations and best practices.
Cultivate core relationships between internal stakeholders and external partners and other third-party entities that support Dyson’s security requirements for handling sensitive data.
Act as a single point of contact (business partner management) for all security engagement in projects to support key initiatives from Market IT and business divisions for Greater China region.
Drive security campaigns globally to effectively enhance security awareness across Greater China network.
Provide necessary consultancy and steer to Greater China IT, in close collaboration with the other Cyber Security and Business functions to ensure global IT security framework and controls are applied consistently across.
Responsible for coordinating the security assessment and on-going assurance activities with the support from key business and IT stakeholders to ensure compliant to China Cyber Security Law. Work closely with legal counsel, privacy, group security and IT functions to drive risk mitigation plans if needed.
Responsible for reporting and communication to relevant stakeholders about the level of compliance to the policy framework. Drive Dyson’s key stakeholders for remediation of repeated non-compliance to the policy frameworks by working with IT and the Group senior management and ensure there is enough support to actions that might need to be taken to enforce compliance.
Drive and co-ordinate all IT security compliance assessment (ISMS/PCI/SWIFT/ITGC) on behalf of IT in respect to Dyson Cyber Security Framework. The responsibility includes supporting ongoing management of IT security standards in close collaboration with Group Security, Information Risk Management, Data Governance, Privacy, Legal & Compliance, and Internal Audit.
Plan and collate measurement metrics that will provide a realistic view of the compliance state of the IT environment of Dyson to local stakeholders and ensure local IT implement the controls effectively.
Engage in discussions concerning the control framework with Internal / External Auditors (audit related); cooperate in completion of such audits.
Oversee the closure of audit action points and issues; work with the department heads to ensure accuracy and completeness of responses.
Regularly review cyber threats and vulnerabilities within Greater China region to ensure effective risk mitigations, and responsible for coordinating security incidents locally with the support from Group Cyber Defence function.
Conduct training, awareness, case study sessions on themes relevant to the current control environment to ensure uniform appreciation of existing risks and controls among the Operations teams.
Initiate programs/projects/analysis (as necessary) to pave way for a better control framework and continuous improvements across Greater China.
Keep abreast security advisories & alerts, security trends & practices.
We seek applications from individuals with an exceptional track-record of leading and implementing regional IT security risk and compliance initiative encompassing a range of responsibilities, including IT security policy, governance, compliance, risk management, and awareness to continuously improve security maturity and culture within Dyson Greater China region.
Alongside this, you'll bring the following:
A highly self-motivated individual with positive mindset & can-do attitude, and a strong believer of “Security as an enabler” to support business growth.
An exceptional track-record of leading and implementing regional Cyber Security teams, encompassing a range of responsibilities including operational IT security, consultancy, implementation, and compliance.
Demonstrable experience of developing strong partnerships across senior management teams within complex businesses, you'll possess the strength of character and conviction to make tough decisions when required.
Demonstrable experience of implementing security program in China to meet China Cyber Security Law for similar industry.
Strong hand-on knowledge of industry standard frameworks (ISO 27001&2, NIST, ITIL etc.), best practices (OWASP, CSA) and regulations (PCI DSS, China Cyber Security Law, etc.)
Practical knowledge and experience specific to enterprise information security (IT Infrastructure, Networks, Applications, Security controls, etc.)
Practical knowledge of security tools, techniques and best practice within enterprise environments.
Practical knowledge of DevOps practices and embedding security in the software development life-cycle.
Practical knowledge of current industry security threats, challenges and mitigation techniques.
Ability to evaluate & articulate risks, develop consensus, raise awareness and provide thoughtfully considered security solutions to various key business stakeholders.
Ability to translate and distil complex technical information across all levels of the organization as required for the audience.
Ability to effectively develops and manages all defined communication channels and relationship management with diverse stakeholder groups.
- Ability to work well under minimal supervision, communicate effectively with Global teams, and handle relationship across multiple suppliers within responsible region.
- Fluent in English and Mandarin Language is a must for this role.
We are following the government guidelines regarding COVID19. At this time all interviews will be conducted via video or telephone. We’re taking these precautionary measures to protect both our employee and candidate wellbeing. Our Talent Acquisition team will work with you and provide further information as appropriate.