CASY-MSCCN Jobs


Job Information

VF Corporation Senior Manager, Information Security in Shanghai, China

Let’s Talk about the Role

The Cyber Security Senior Manager will support VF’s Global Cyber Security Team by ensuring that information security risks associated with complex business operations are within acceptable tolerances.

You will perform information security risk assessments, provide direction and guidance to stakeholders concerning the handling of security risks associated with assessment findings, assist with the design of appropriate risk mitigation strategies, and serve as an audit quality assurance gate for internal and external auditors while driving compliance and audit work related to data privacy.

How You Will Make a Difference

You will achieve this by:

· Conduct the annual MLPS audit for 6 critical applications in VF China;

· Work together with the vendor and internal team to review the existing system settings against MLPS standards, carry out remediation prior to/after the onsite audit, and make sure VF China passes the audit with increased audit scores.

· Work together with legal/compliance team to follow up on related updates of regulatory requirements regarding CBDT and data privacy, and make sure necessary actions are taken to address the changes

· Support global team to conduct the PCI audit project in APAC region, including store sampling, interview arrangement (translation), supporting preparation, clarification, etc.

· Work together with retail operation team to ensure the remediation actions are taken properly, i.e. updating of SOP, training enhancement, etc.

· Prisma China license purchase

· Follow up on the findings from Cloud Security Assessment project

· Monitor the active tickets on ServiceNow to make sure they are followed up in a timely manner by responsible personnel.

· Make sure the PO contact list is up to date.

· If needed, work together with vendors/in-house developers to make sure the remediation is well implemented.

· Conduct the vendor assessment with RSAM and Idea portal

· Besides the RSAM/Idea portal review, enforce "security by design" by being part of the application development and sprint to ensure that security is in all phases of the application development lifecycle

· Arrange pre-go-live scanning and ensure all critical/high issues are fixed before system launch

· Participate in the various milestones of project implementation to support the remediation of gaps

· Review RPA/AI related features according to VF standards

· Support the usage of MIP in APAC

· Collect the user feedback and support the continuous improvement

· Support the phishing simulation in APAC

· Based on the result of simulation, work together with SETA team to improve the reporting rate

· Support global SETA team on the CSAM related activities.

· Support the roll out of security training in APAC

· Support the completion of security awareness training and ensure coverage

· Work together with legal team to hold the Data Privacy and InfoSec SteerCo Meeting on a regular basis

Skills for Success

A formal education and subsequent University Bachelor or Master’s degree in information systems, computer science, or related field are preferred, but we are most interested in your total experience and professional achievements. That’s why:

· You rely on 5+ years of information security risk management, IT audit, and/or IT controls design and implementation experience.

· You possess a Certified Information Systems Security Professional (CISSP) certification, Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or similar credentials.

· You are familiar with industry best practices related to security and data privacy in Cloud environments.

· You have functional understanding of industry frameworks, regulations, legislation, and audit methodologies, including SOC 1, SOC 2, ISO 27001, SIG, NIST Cybersecurity Framework, Sarbanes-Oxley (SOX), PCI-DSS, MLPS and various other privacy laws.

· You are apt to broker complex discussions to achieve the proper balance between business needs and cybersecurity best practices.

· You possess the ability to influence others through persuasion to arrive at desired outcomes.

· You communicate effectively with a broad range of people and roles, including vendors, information technology professionals, and other business personnel.

· You desire to seize the initiative, operate proactively, and work in a highly independent manner.

· You are fluent in English and Mandarin; any other Asian languages are a plus.

R-20240131-0052

VF Diversity Vision Statement

VF is committed to creating an inclusive environment that welcomes and values the differences among all of our associates, customers, suppliers and the communities in which we live and conduct business. The continued success and growth of VF is enhanced through initiatives that promote diversity throughout VF around the world.

VF is an equal employment opportunity/affirmative action employer of minorities, females, protected veterans and the disabled. VF is committed to providing equal opportunities in employment, and treating our VF associates and VF applicants without discrimination on the basis of their race, color, gender, age, national origin, religion, sexual orientation, gender identity or expression, marital status, citizenship, disability, protected veteran status, HIV/AIDS status, or any other legally protected factor.
