Share this Job

Information Security Lead, China

Date: Oct 12, 2021

Location: Pudong New District, SH, CN, 201204

Company: Lubrizol Corporation

Role Accountability

The information security lead role will serve as subject matter expert and be accountable for providing information security services in their region of responsibility.  This includes leading efforts in identifying, assessing and remediating Cybersecurity risk, providing insights and input that influence the global Information Security program and ensuring compliance with the China Cyber Security Law (CSL) and other applicable regulations.


Essential Job Functions

  • Identify emerging Cybersecurity threats, risks and trends in China and the Asia Pacific region, interpret them for internal impact and inform management and stakeholders
  • Provide security consulting in region, ensuring proper risk identification and reporting
  • Maintain and manage regional security risks in corporate risk register  
  • Lead project and technology reviews, providing security-relevant guidance on risk and ensure systems and technologies meet security requirements 
  • Participate in IT and Cybersecurity threat evaluation and response for internal activities and security incidents in China 
  • Manage cyber risks and facilitate ongoing China Cyber Security Law compliance processes, including CPCS certification and CBDT compliance, the collection of evidence, remediation of non-compliant systems and overall CSL reporting
  • Participate in vendor risk assessments for regional 3rd party products and services  
  • Be the primary contact for any China-related information security knowledge and guidance
  • Educate users on security policies and best practices to prevent data breaches  
  • Coordinate with corporate security team to deliver security awareness training in China 
  • As part of a global information security team, provide insight and recommendations to leadership 
  • Provision/de-provision application and network access per user requests 
  • Other information security activities as needed 


Critical Competencies

  • Demonstrated effectiveness of working independently, establishing priorities and managing task completion aligned to the needs of the organization 
  • Organizational awareness with an understanding of how to engage the organization to achieve results.
  • Team player able to effectively build relationships and work in a collaborative, matrix-driven, global environment 
  • Sound decision making, proactive/creative problem solving and strategic thinking skills 
  • Strong IT process discipline and trouble-shooting skills 
  • Strong interpersonal skills
  • Must be able to drive clear accountability and expectations 
  • Responsive to internal stakeholders 
  • Strong written and verbal English, Mandarin required to communicate with local users, global colleagues  and senior functional leadership


Required Qualifications

Education / Certifications: 

  • Bachelor’s degree in Information Technology (IT) or related field



  • Minimum of eight (8) years of relevant IT experience with at least six (6) years of hands-on information security experience
  • Security expertise in China and the broader APAC region 
  • Experience implementing and supporting the China Cyber Security Law and requirements for security compliance including CPCS certification, cross-border data transfer (CBDT) and personal information protection regulations
  • Established expertise in tracking and analysing emerging threats, risks and trends in the Asia Pacific region, contextualizing them specific to company business processes, assets and personnel and informing stakeholders 
  • Experience in security domains including identity, access, authentication, encryption, 3rd party risk management, application security, network security, vulnerability and patch management, vendor risk management, information security metrics, policies, standards and procedures, etc.


Skills & Systems:

  • Microsoft Windows-based operating systems. Active Directory, OU, Group Policy Object 
  • Understanding of ICS/SCADA systems and architectures 
  • Knowledge of basic network concepts
  • Ability to resolve issues via undocumented methods via research and investigation  
  • Experience in documenting issues and solutions to assist end user/co-worker understanding


Work Environment

Role Scope:

  • Primary information security expert and point-of-contact for Lubrizol in China.


  • To locations in China as needed for support.  Occasional international travel (Singapore, US)


Job Segment: Information Security, Corporate Security, Consulting, Risk Management, Technology, Security, Finance