IKEA Supply China (“ISCN”) is the wholesale business unit that buys IKEA goods from suppliers and sells them to retailers in the Asia Pacific region, comparable to IKEA Supply AG. As a unit equipped with finance, legal, risk, compensation & benefit, and corporate communication specialists, ISCN also provides common/shared services to all Inter IKEA business units and sites in China.
About the job
The main objective of Risk & Compliance is to secure Information Security/Data Privacy (ISDP) development in the Range & Supply CN entities and compliance with China Cyber Law (CCL) requirements.
This role secures the implementation of the Inter IKEA ISDP policy and rules, as well as the fulfillment of China Cyber Law requirements.
Your assignment
• Develop CN cybersecurity governance and management.
• Develop and implement local ISDP rules, working methods and templates.
• Set up and coordinate the CN ISDP forum.
• Work closely with Legal representatives and be the contact window with local authorities.
• Perform recurring CCL assessments and CN-specific remediation actions for all in-scope solutions, including MLPS, CBDT, Privacy, Digital Channel Specific Risk, Vendor Security Risk Management, etc.
• Be the local responsible for ISDP incident handling.
• Monitor CCL-related regulation updates.
• Coordinate with INGKA IT CN on local solution development, for compliance with ISDP and vendor management requirements.
• Coordinate with R&S business solution & INGKA IT on regular cybersecurity testing, including vulnerability scanning and management for local applications and environments.
• Build up co-workers’ awareness of ISDP requirements.
• Work closely with the global and regional setup, giving input to global projects and implementing global policies and rules.
Your profile
A Knowledge
• Education: Bachelor of Engineering or equivalent, majoring in Computer Sciences or engineering; information security preferred
• Experience: Minimum 4 years of IT experience, of which 2 years with IT Security and Data Privacy Protection
• Experience with Information Security and/or Technology Risk Management
• Thorough understanding of cyber security frameworks and data privacy protection frameworks such as NIST CSF, ISO-27001
• Familiarity with Chinese cyber security laws, GDPR and applicable regulations/mandates is required
• Certifications: Information security, risk management and data privacy related certification (e.g. CISA, CISM, CISSP) is desirable but not a must
B Motivation
• Continuously striving for excellence and simplicity
• Enabling change
• Safeguarding IKEA's interest as a totality
• Governance and compliance
C Job-specific capabilities
• Strong communication skills are a must. The resource should be able to communicate effectively with cross-functional teams and vendors; both written and oral communication are critical.
• Fluency (written, spoken and read) in Mandarin Chinese and English; the ability to understand and translate technical documentation from Mandarin Chinese to English, and vice versa, is required.
• Excellent project management skills
• Self-driven and able to handle multiple tasks
D Leadership capabilities
• Develop the business and deliver results
• Lead and develop people
• Inspire and clarify
• Create togetherness
• Find better ways
• Enable change