Mars UK • CHN-Guangdong-Guangzhou | CHN-Shanghai-Shanghai | China

Cybersecurity Assurance & Compliance Senior Lead

Employment type:  Full time

Job Description

We are seeking a Senior Security Architect to mature the security posture of Mars China cross-segment enterprise systems and strengthen end-to-end regulatory data compliance and data protection capabilities. The role is critical to embedding security-by-design principles into the full digital initiative lifecycle; it defines enterprise-grade security standards and reference architectures for the China digital ecosystem, and continuously enhances security defences using threat intelligence, audit findings, and vulnerability insights, aligned to global Mars Security frameworks and local Chinese regulatory requirements.

What are we looking for?

Core Technical Requirements

1.Enterprise Security Architecture Core Expertise (Top Requirement)

1)Proven hands-on experience as a Security Architect, with a track record of designing, implementing, and governing enterprise-grade security architectures for cross-functional, multi-segment organizations (FMCG, manufacturing, or retail industry experience preferred).

2)Deep expertise in security-by-design and shift-left security methodologies, with the ability to embed security controls into the full digital development lifecycle without impeding business agility.

3)Demonstrated experience defining and maintaining enterprise security standards, reference architectures, and security control frameworks aligned with global industry best practices.

2.Mandatory Foundational Information Security Knowledge (Comprehensive Supplement)

1)Network & Infrastructure Security Fundamentals: Deep understanding of OSI/TCP/IP models, network segmentation, zero trust architecture (ZTA) principles, next-generation firewalls (NGFW), WAF, IDS/IPS, VPN, zero trust network access (ZTNA), and enterprise network security design.

2)Identity & Access Management (IAM) Fundamentals: Mastery of the least privilege principle, single sign-on (SSO), multi-factor authentication (MFA), privileged access management (PAM), identity governance, and directory service security.

3)Application & API Security Fundamentals: Expert knowledge of the OWASP Top 10, secure software development lifecycle (SDLC), static/dynamic/interactive application security testing (SAST/DAST/IAST), API security controls, and secure coding best practices.

4)Data Security Fundamentals: Deep understanding of data classification & grading, symmetric/asymmetric encryption, hashing algorithms, data masking & anonymization, data leakage prevention (DLP), and data lifecycle security management.

5)Cloud & Cloud-Native Security Fundamentals: Working knowledge of mainstream cloud platforms (Azure/Alibaba Cloud) security architectures, cloud shared responsibility model, container/Kubernetes security, and serverless security best practices.

6)Threat & Offensive/Defensive Security Fundamentals: Familiarity with the MITRE ATT&CK framework, common attack vectors and tactics, penetration testing fundamentals, and cybersecurity incident response processes.

7)Risk Management Fundamentals: Solid understanding of qualitative/quantitative risk assessment methodologies, and industry standard frameworks including NIST Cybersecurity Framework, ISO 27001/27002, and COBIT.

3.Security Governance & Architecture Review Expertise

1)Hands-on experience leading security reviews for enterprise architecture initiatives, participating in or leading Security Architecture Review Board processes, and driving remediation of identified security gaps.

2)Ability to translate complex technical security requirements into clear, enforceable policies, standards, and guidelines for technical and non-technical audiences.

4.Regulatory Compliance & Data Protection Expertise

1)Deep working knowledge of Chinese local cybersecurity and data privacy regulations, including the Cybersecurity Law, Data Security Law, Personal Information Protection Law (PIPL), and Cybersecurity Classified Protection 2.0 (MLPS 2.0).

2)Familiarity with global compliance requirements for multinational enterprises, including GDPR, PCI DSS, and other industry-specific security mandates.

5.Threat & Vulnerability Management Capabilities

1)Proven ability to leverage threat intelligence, vulnerability assessment data, and audit findings to identify architecture-level security risks and recommend targeted, cost-effective mitigation solutions.

2)Experience driving continuous security posture improvement for enterprise systems and platforms.

Soft Skills

1.Strong cross-functional collaboration and stakeholder management skills, with the ability to partner effectively with technical teams, business leaders, and global security functions across different segments and regions.

2.Excellent verbal and written communication skills in both English and Chinese, with the ability to clearly articulate complex technical security concepts and risk decisions to both technical and non-technical audiences.

3.Strong critical thinking and problem-solving skills, with the ability to balance security risk mitigation with business agility and operational efficiency.

4.Strong sense of ownership, accountability, and attention to detail, with the ability to manage multiple high-priority initiatives simultaneously in a fast-paced, dynamic business environment.

5.Continuous learning mindset, with a commitment to staying updated on the latest cybersecurity threats, technologies, industry best practices, and regulatory changes.

What will be your key responsibilities?

A. Core Security Architecture & Secure-by-Design Delivery

1)Provide end-to-end security architecture consulting, design, and technical review for cross-segment enterprise digital systems and business applications, ensuring confidentiality, integrity, and availability (CIA) across IT systems, applications, and data flows.

2)Partner with Segment teams, Enterprise Architecture (EA), and key stakeholders to conduct pre-development security assessments, define tailored and enforceable security controls, and embed security-by-design and shift-left principles into all digital transformation initiatives.

3)Define, maintain, and evolve enterprise security architecture principles, technical guidelines, mandatory security standards, and reusable reference architecture patterns that align with the Mars global future-state enterprise architecture roadmap.

B. Architecture Governance and Review board Delivery

1)Serve as the dedicated security architect subject matter expert (SME) and lead security architect for all cross-segment initiatives entering the formal Security Architecture Review process, collaborating with EA leads and project teams to deliver timely, rigorous, and actionable security reviews.

2)Document identified security gaps/non-compliance issues and prioritized technical remediation recommendations, align corrective actions with Mars Global policies/standards and China local regulatory requirements, and track end-to-end closure of review actions with clear deadlines and regular progress updates to stakeholders.

3)Clearly articulate security architecture review outcomes, risk assessments, and risk acceptance decisions to both technical audiences and non-technical business stakeholders in relevant forums and cross-functional governance meetings.

C. Threat, Vulnerability, and Audit-Driven Security Posture Enhancement

1)Leverage actionable threat intelligence, audit findings, vulnerability assessment data, and other security assessment results to identify critical security deficiencies and recommend targeted, architecture-level security improvements.

2)Provide expert technical inputs into the development of Mars China Security Architecture Strategy and priority focus areas to systematically mature the enterprise’s overall security posture and risk management capabilities.

D. Security Alignment & Regulatory Compliance

Support end-to-end security compliance assessments for new and existing projects, ensuring full alignment with Mars security policies/standards, as well as mandatory local and global regulatory obligations including cybersecurity, data privacy, and data protection requirements.


Company benefits

Open to part-time employees
Open to job sharing
Open to compressed hours
Sabbaticals
Enhanced maternity leave – 26 weeks at 90% pay
Enhanced paternity leave – 26 weeks at 90% pay
24 days annual leave + bank holidays
“Pawternity” leave
Pregnancy loss leave
Bank holiday swaps
Shared parental leave
Adoption leave
Family health insurance
Pregnancy support
Neo-natal leave
Faith rooms
Meditation space
Dog friendly office
Dog friendly co-working space
Annual bonus
Employee discounts
Cinema discounts
Referral bonus
Joining bonus
Cycle to work scheme
Electric Car Salary Sacrifice
Enhanced pension match/contribution
Theme park discounts
Lunch and learns
In house training
Learning license
Studying sabbaticals
Open to part time work for some roles

Working at Mars UK

Company employees:

4,000 In the UK

Gender diversity (m:f):

57:43

Hiring in countries

Argentina

Australia

Austria

Belgium

Brazil

Bulgaria

Canada

China

Czechia

Denmark

Egypt

Estonia

France

Germany

Hungary

India

Indonesia

Italy

Japan

Kenya

Latvia

Lithuania

Malaysia

Mexico

Netherlands

New Zealand

Norway

Poland

Romania

Russia

Serbia

South Africa

South Korea

Spain

Switzerland

Thailand

Ukraine

United Arab Emirates

United Kingdom

United States


Awards & Accreditations

Flexa awards 2026:
1st - Most Family Friendly Company
3rd - Best Workplace Benefits
Top 5 - Most loved - Large companies
Top 10 - Best Work-Life Balance

Flexa awards 2025:
1st - Most Family Friendly Company
2nd - Pet Friendly
Top 5 - Most Flexible Company
Top 5 - Most Inclusive Company
Top 10 - Best Work-Life Balance
Top 10 - Best Career Progression
Best Workplace Culture
Best Workplace Benefits

Flexa100 2024: 1st - Large companies

Industry awards 2023: Consumer Goods

Flexa100 2023: 3rd - Large companies

Industry awards 2022: Retail & Ecommerce
