Represents Healthineers China for cybersecurity, defines local cybersecurity strategy and initiatives according to the local business and legal environment, ensures their implementation, and adapts global cybersecurity policies, controls and processes.
- Overall China Cybersecurity Law(s) compliance coordination and management, together with PSSO, IT, DPO and Legal, including responsibility for CBDT1, CPCS2, regulated data compliance (important data), gap remediation, etc.
- Drive and ensure overall implementation of local cybersecurity laws/regulations requirements for sales portfolios (Product/Service/Solution) and IT/OT infrastructure for Healthineers China.
- Actively influence local product security standardization/regulations.
- Lead the establishment of local cybersecurity management policies, derived from local laws/regulations, and ensure global product/service design guidelines reflect these requirements.
- Lead critical incident handling decisions.
- Assess and mitigate cybersecurity risks, monitor compliance with local laws/regulations regarding cybersecurity controls, and report status to the country CEO and affected departments (e.g. PSSO, IT, DPO).
- Be the senior contact interface for local security authorities/institutes, e.g. CAC, MPS, MIIT, etc. (in alignment with SHS AP CHN PA&NPMK), standardization bodies, partners and communities, as well as internal interface with Healthineers HQ/Region/Business Executives.
- Lead and develop the local cybersecurity ecosystem and teams, and establish a cross-organizational community.
- Degree in computer science, business informatics or a similar field, ideally with a focus on cybersecurity;
- Familiar with country legal requirements/regulations on cybersecurity topics;
- Previous knowledge and experience in Information Technology, Cyber Security threats, Information Risk Management and Protection Management;
- Work experience with relevant standards and frameworks (e.g. ISF IRAM);
- Certified with certifications such as CRISC, CISM, CISA, CISAW, CISP, CPCS;
- Knowledge of critical infrastructure systems with information communication technology that were designed without system security considerations;
- Experience in applying Information Risk methods in IT, OT and product environments with critical data;
- Knowledge of IT supply chain security and supply chain risk management policies, requirements, and procedures;
Organization: Siemens Healthineers
Company: Siemens Healthineers Ltd.
Experience Level: Experienced Professional
Job Type: Full-time