Data Expert_C
Your Tasks
About Us:
We are a regional Information Security and Data Protection department dedicated to providing innovative and world-class governance in Information Security and Data Protection. The team plays a pivotal role in supporting our regional business and clients, ensuring compliance with regional laws, regulations, and Bosch Group central directives in terms of Information Security and Data Protection. To better achieve this goal, we have additionally established a Data Compliance Expert Team (China Study) to address relevant Chinese laws (e.g., Cybersecurity Law, Data Security Law, and Personal Information Protection Law), regulations, and national standards (GBs). This expands the scope to include the areas regulated by these legislative frameworks.
Job Description:
- Update and maintain regional ISP regulatory frameworks, closely track business changes and legislative updates including PIPL, DSL, CSL, MLPS, VSDM and other relevant cybersecurity & data regulations.
- Standardize daily governance processes, compile unified management templates, and deliver professional compliance guidance to relevant teams.
- Establish internal IT security and compliance standards based on business data flow characteristics, and align with upcoming legal and regulatory requirements.
- Continuously maintain and iterate the enterprise information security risk landscape, as well as the unified data classification management system.
- Conduct regular technical security assessments across multiple scenarios, covering legal entity-level data & business process assessment, vehicle data security management review, cross-border data transfer risk assessment, MLPS classified protection certification assessment, and compliance audit for cloud platforms & IT applications.
- Liaise and align with internal CGA teams and external regulatory authorities on the formulation and implementation of information security standards.
- Drive industry-level technical lobbying and engagement; actively participate in industry associations and professional committees to capture policy trends and shape industry consensus.
- Provide professional support to GE teams by answering technical and operational questions regarding the implementation of information security and data compliance control measures.
- Assist business units in coordinating external audit work, focusing on data localization, data processing specification and related compliance verification.
- Organize and execute internal information security audits, track rectification actions, and ensure full implementation of corrective measures and risk closure.
- Report key security risks and corresponding business impact to senior management on a regular basis, and propose targeted mitigation suggestions.
- Design and deliver information security awareness and skill training, and conduct follow-up compliance inspection and audit.
- Continuously monitor newly issued and upcoming laws and regulations in telecom, cybersecurity, information security and data protection fields; identify high-compliance-risk clauses that may impact Bosch local business and product layout.
- Provide in-depth legal and compliance consultation during the development of internal procedures, management templates and special reporting mechanisms for cybersecurity and data security governance.
- Roll out targeted training programs to improve local team awareness and practical capabilities for new telecom and cybersecurity laws, adapting to the evolving Chinese regulatory framework.
- Establish and maintain connections with peer enterprises and industry organizations (e.g., EU Chamber of Commerce in China) to exchange best practices and jointly optimize cybersecurity and data compliance management.
Your Profile
- Bachelor's degree or above in computer science, information technology, data protection, cybersecurity or related field
- Solid comprehensive knowledge of Chinese mainstream cybersecurity and data compliance regulations, including PIPL, CSL, MLPS, DSL, VSDM and telecom industry-related laws, with systematic understanding of local legislative updates and compliance enforcement trends.
- 5+ years of experience in information security, data protection, or cybersecurity
- In-depth expertise in IT security, cloud security, data security, cross-border data governance, vehicle data management and API security; proficient in technical security assessment, log evaluation, data classification and risk landscape management.
- Strong understanding of information security and data protection legal framework and compliance requirements
- Excellent consulting and training capabilities, able to design and deliver information security & compliance training, and improve organizational awareness of cybersecurity and data protection laws.
- Fluent in written and verbal English for a multinational working environment; strong logical analysis, cross-departmental coordination and multi-task management abilities.
- Proven experience in security audit management, remediation tracking, external auditor coordination and regulatory communication; able to independently drive non-compliance rectification and risk closure.
- Programming/Penetration test experience is preferred
- Project management experience is preferred
- IAPP-E/A, CISSP, CISA, ISO/IEC 27001, CISP, PI China Auditor, MIIT area certificate are preferred