Dalian, Liaoning, China
15 days ago
China Security Engineer

Security & Compliance (PIPL, DSL, CSL)

- Requires exceptional knowledge of security standards and advanced knowledge of others, and applies these skills to ensure the Business Units in China meet their goals.
- Creates an environment where innovation is standard, taking appropriate risks to advance innovative processes.
- Interpret and apply China regulatory requirements into actionable IT controls.
- Ensure personal data of Chinese citizens is localized within Mainland China.
- Establish and maintain security policies, compliance documentation, and audit evidence.
- Provide guidance on cross-border data transfer approvals, security assessments, and contractual obligations.

Cloud Infrastructure Security

- Manage cloud accounts in AWS China, Azure China, or equivalent providers.
- Implement and maintain IAM, KMS, encryption, VPC security, logging, and monitoring.
- Conduct regular vulnerability assessments, patch management, and threat detection.
- Ensure secure backup, recovery, and disaster recovery solutions are in place.

Separation of Duties & Access Control

- Enforce strict RBAC policies between global and local teams.
- Review and audit privileged access accounts.
- Ensure compliance with least privilege principles and monitor access logs.
- Drive remediation of any separation of duties violations.

Collaboration with Local Application Teams

- Work with China application and infrastructure teams to ensure compliance controls are built into solutions.
- Review application architectures for data residency and PIPL compliance.
- Support secure IDLC and cloud-native security practices.

Audit & Risk Management

- Act as the primary point of contact for internal and external auditors in China.
- Conduct and support periodic compliance reviews and penetration tests.
- Track findings and ensure timely remediation.
- Develop and maintain compliance dashboards and risk registers.

Global Collaboration

- Align China-specific compliance requirements with global security policies (ISO 27001, NIST, GDPR).
- Share regular updates, risks, and compliance status with global leadership.
- Support global security projects while ensuring China regulatory requirements are not compromised.

BASIC QUALIFICATIONS

Education: Bachelor’s degree in Computer Science, Information Security, or related field.

Experience: 4+ years in cloud security, compliance, or audit roles.

Technical Skills:
- Hands-on with AWS China / Azure China security features.
- Strong knowledge of IAM, encryption, SIEM, CSPM, DLP, vulnerability management.
- Familiar with DevSecOps practices.

Compliance Knowledge:
- Deep understanding of China PIPL, DSL, CSL.

PREFERRED QUALIFICATIONS

- Experience with ISO 27001, GDPR, SOC2, or equivalent frameworks is a plus.

Soft Skills:
- Strong stakeholder management and communication skills.
- Ability to work with both local Chinese teams and global counterparts.
- Fluent in Mandarin and English.

Work Location Assignment: On Premise

Pfizer is an equal opportunity employer and complies with all applicable equal employment opportunity legislation in each jurisdiction in which it operates.

Information & Business Tech
