The Senior Manager, IT Security & Compliance is a key role within AbbVie’s Information Security & Risk Management (ISRM) organization. They will lead AbbVie’s China Cybersecurity Law (CSL) compliance program and MLPS certification related activities in partnership with ISRM, Commercial IT, Aesthetics IT, and Infrastructure organizations. They will also partner with other organizations within AbbVie, such as Human Resources, Legal and Privacy, to ensure compliance with all necessary regulations and internal policies/processes.
- Serves as designated cybersecurity leader for AbbVie China pursuant to CSL, Multi-Level Protection Scheme (MLPS) and PIPL requirements.
- Manage the planning and execution of AbbVie’s China Cybersecurity Law compliance program, including:
- Completion and submission of CSL and MLPS certification documentation for AbbVie in China;
- Training of employees and contractors (as required) on CSL compliance;
- Maintain currency in CSL and MLPS compliance requirements,
- Recommend updates to, or changes in, relevant internal policies and procedures to meet CSL / MLPS requirements;
- Monitor new applications and changes in applications to ensure CSL compliance as required;
- Ensure timely completion of required recertifications;
- Develop and manage CSL program budget and resource requirements;
- Consult with IT and business on CSL compliance;
- Develop programs to audit and validate CSL compliance.
- Responsible for all CSL and MLPS-related filings and certifications.
- Serves as primary point of contact for CSL certification process with Public Safety Bureau.
- Manages third party CSL certification agency relationships including annual budget and procurement processes.
- Be the single point of contact liaising with AbbVie’s third party vendors to ensure MLPS certifications and remediation
Partner with China Commercial and Aesthetics Business Technology Solutions teams to plan for application remediation when necessary
- Bachelor's Degree or equivalent certification or experience.
- 7+ years’ experience in in an IT security or and compliance role
- Experience in all domains of information security and software lifecycle
- Strong familiarity with global IT security standards (ISO 27001, NIST CSF, etc.)
- Expertise with China Cybersecurity Law compliance, familiarity with Multi Level Protection Scheme and related regulations.
- Excellent analytical, judgment and consultative capabilities and communication skills and the ability to work with IT management and staff.
- Experience working in a different location than supervisor preferred.
- Experience working in a matrixed organization preferred.
- Information Security certification (i.e. CISSP, CISM, etc.) preferred
- Fluency in Mandarin, and English required.
Travel: Yes, 20 % of the Time
Job Type: Experienced