Job Description
Security & Compliance (PIPL, DSL, CSL)
● Requires exceptional knowledge of security standards and advanced knowledge of others, and applies these skills to ensure the Business Units in China meet their goals
● Creates an environment where innovation is standard, taking appropriate risks to advance innovative processes
● Interpret and apply China regulatory requirements into actionable IT controls.
● Ensure personal data of Chinese citizens is localized within Mainland China.
● Establish and maintain security policies, compliance documentation, and audit evidence.
● Provide guidance on cross-border data transfer approvals, security assessments, and contractual obligations.
Cloud Infrastructure Security
● Manage cloud accounts in AWS China, Azure China, or equivalent providers.
● Implement and maintain IAM, KMS, encryption, VPC security, logging, and monitoring.
● Conduct regular vulnerability assessments, patch management, and threat detection.
● Ensure secure backup, recovery, and disaster recovery solutions are in place.
Separation of Duties & Access Control
● Enforce strict RBAC policies between global and local teams.
● Review and audit privileged access accounts.
● Ensure compliance with least privilege principles and monitor access logs.
● Drive remediation of any separation of duties violations.
Collaboration with Local Application Teams
● Work with China application and infrastructure teams to ensure compliance controls are built into solutions.
● Review application architectures for data residency and PIPL compliance.
● Support secure SDLC and cloud-native security practices.
Audit & Risk Management
● Act as the primary point of contact for internal and external auditors in China.
● Conduct and support periodic compliance reviews and penetration tests.
● Track findings and ensure timely remediation.
● Develop and maintain compliance dashboards and risk registers.
Global Collaboration
● Align China-specific compliance requirements with global security policies (ISO 27001, NIST, GDPR).
● Share regular updates, risks, and compliance status with global leadership.
● Support global security projects while ensuring China regulatory requirements are not compromised.
BASIC QUALIFICATIONS
● Education: Bachelor’s degree in Computer Science, Information Security, or related field.
● Experience: 4+ years in cloud security, compliance, or audit roles.
● Technical Skills:
  ● Hands-on with AWS China / Azure China security features.
  ● Strong knowledge of IAM, encryption, SIEM, CSPM, DLP, vulnerability management.
  ● Familiar with DevSecOps practices.
● Compliance Knowledge:
  ● Deep understanding of China PIPL, DSL, CSL.
PREFERRED QUALIFICATIONS
● Experience with ISO 27001, GDPR, SOC2, or equivalent frameworks is a plus.
● Soft Skills:
  ● Strong stakeholder management and communication skills.
  ● Ability to work with both local Chinese teams and global counterparts.
  ● Fluent in Mandarin and English.
Work Location Assignment: On Premise
Pfizer is an equal opportunity employer and complies with all applicable equal employment opportunity legislation in each jurisdiction in which it operates.
Information & Business Tech