You will own the delivery of critical cybersecurity and digital resilience tasks.
You will support broader digital risk initiatives for the Greater China (GC) region by partnering closely with consultants, Technology teams, Legal, Risk, and external vendors. In this role, you will operationalize key processes and controls to protect the firm and enable business growth in one of our most dynamic regions.
You will lead end-to-end Multi-Level Protection Scheme (MLPS) compliance, including assessments, audit coordination, certificate renewals, and ongoing risk tracking. You will drive and track the remediation of compliance and audit findings, implementing solutions based on priority to mitigate risks related to data security, control deviations, and privacy. Additionally, you will execute the data security roadmap, ensuring milestone tracking and gap remediation, while providing ad-hoc support for privacy audits, regulatory inquiries, and other compliance assessments.
You will manage monitoring of, and contributions to, the central risk register. You will oversee the intake, assessment, documentation, and tracking of Product Security Reviews (PSRs) for GC-region products prior to go-live to ensure full security compliance. Furthermore, you will execute the complete lifecycle of vendor risk assessments for all regional vendors and third-party engagements.
You will define local security controls, provide implementation guidance, and ensure adoption by product teams. You will also identify and define Responsible AI controls with actionable guidance and measurable thresholds. On the ground, you will support incident response investigations and vulnerability remediation tracking to ensure strict adherence to SLAs.
You will ensure the end-to-end governance and validation of digital risk, consistently enhancing the firm's security compliance posture by implementing effective controls throughout the product development lifecycle.