Tesla IT Risk & Compliance Analyst (Information Security)

Experienced hire | Full-time | IT - Risk and Compliance | Location: Shanghai | Status: Hiring

Job Requirements


Must 
• Ability to conduct regulation research, interpretation, compliance assessment, root cause analysis, risk identification and working paper preparation, and to handle internal reporting within the team or to working-level stakeholders independently.
• 5 to 7 years of Information Security working experience in-house or from a consultancy/accounting firm, with hands-on experience in any two of the areas mentioned below:
- Cybersecurity Law (CSL) compliance
- Data Security/Protection Law compliance
- ISMS/ISO 27001 implementation and operation
• Graduate of a 985 or 211 university or an overseas university, with at least a Bachelor’s degree in Computer Science, Information System Management, or an equivalent major.
• Working proficiency in English and Chinese (both spoken and written).
• Good communicator and able to articulate requirements and ex…

Job Responsibilities


THE ROLE
This is a senior role supporting the IT Risk and Compliance lead (China & APAC) in Information Security areas, collaborating effectively with stakeholders to develop policies/processes, identify issues and risks, suggest risk remediation strategies and drive towards compliance.

RESPONSIBILITIES
• Develop and maintain Tesla Information Security policies, frameworks, guidance and metrics based on internal, domestic and industry information security regulations and standards, such as ISO27001, ISO27701, NIST, etc.
• Collaborate with product owners, engineers, business process owners and system owners to ensure security processes are well established and followed.
• Support in cyber compliance programs including China Cybersecurity Law (CSL), China Data Security Law (DSL) and Personal Information Protection Law (PIPL) compliance.
• Assist the IT Governance, Risk and Compliance team in documenting and reporting control deficiencies upon discussion with business owners and Internal Auditors, collaborate with business owners regarding recommendations to address the root cause of issues, and report on and support implementation of management remedial actions.
Related positions

Experienced hire | 5+ years | LAZADA

About the Role:
We are seeking a highly skilled and experienced Risk & Compliance Specialist to join Lazada’s growing cyber security team. In this role, you will play a key part in managing Third-Party Risk Management (TPRM) and Information Technology (IT) risk across Lazada’s business operations. You will be responsible for assessing, monitoring, and mitigating risks associated with third-party vendors and internal IT systems, ensuring compliance with global standards and best practices. This is a hands-on role that requires strong cyber security knowledge, independent judgment, excellent communication skills, and a proactive mindset.

As Lazada operates in a complex, multi-market environment across Southeast Asia, this role demands a candidate with demonstrable international risk management experience and a global regulatory outlook, as well as the ability to leverage data-driven insights to identify, assess, and mitigate risks effectively. The ideal candidate will be able to lead risk assessment projects from end to end, utilize data analytics to inform risk decisions, and collaborate effectively across cross-functional teams including procurement, legal, information security, and regional business units.

Key Responsibilities:
● Lead end-to-end Third-Party Risk Management (TPRM) processes, including risk assessments, due diligence, control evaluations, and ongoing monitoring of vendors.
● Conduct comprehensive IT risk assessments for applications, infrastructure, and cloud environments.
● Develop and maintain risk frameworks, policies, and procedures aligned with industry standards (e.g., ISO 27001, NIST).
● Work closely with procurement, legal, information security, and business teams to ensure risk-aware decision-making.
● Prepare detailed risk reports and present findings and recommendations to stakeholders and senior management.
● Drive continuous improvement of risk tools, methodologies, and automation by leveraging data analytics and risk metrics.
● Utilize data to proactively identify emerging risks, measure control effectiveness, and support strategic risk prioritization.
● Stay up to date with evolving cybersecurity threats, regulatory requirements, and risk trends across international markets.
● Apply an international risk perspective when evaluating vendor and IT risks across diverse jurisdictions and compliance regimes.

Updated 2025-11-10 | Hangzhou
Experienced hire | 5-7 years | Finance - Fund Management

1. Based on IT-related regulations and business strategy, establish a risk-driven IT audit plan;
2. Independently execute IT audit projects, identify and evaluate risks and internal controls of IT auditable areas, identify the root cause of the audit findings and present them to the auditees, and prepare audit reports that meet internal and local regulatory requirements;
3. Communicate with management about problems discovered, provide effective and efficient action plans and validate the remediations;
4. Provide value-added services to the business, including cost reduction & efficiency enhancement, business process optimization, cooperating with regulatory inspections and organizing related training and sharing;
5. Able to establish continuous monitoring models to improve the efficiency of audit projects;
6. Provide IT audit services to the Netherlands at minimum; scope may expand.

Updated 2025-04-24 | Amsterdam
Experienced hire | Risk Management - Internal Control, Internal…

1. Based on local regulations and business strategy, assist the manager in establishing a risk-driven audit plan.
2. Independently identify and evaluate risks and internal controls of the auditable subject, based on an understanding of local regulatory requirements, the company's strategies and business layout, and prepare audit reports that meet internal and local regulatory requirements.
3. Communicate with management about problems discovered, provide effective and efficient action plans and validate the remediations.
4. Provide value-added services to business developments, including cooperating with regulatory inspections and organizing related training and sharing.
5. Able to establish continuous monitoring models to improve the efficiency of audit projects.
6. Provide audit services to Ant Group International Business Group as needed.

Updated 2025-06-10 | Kuala Lumpur
Experienced hire | 3+ years | Cloud Intelligence Group

1. Monitor and track global data security & compliance policies, analyze the requirements and impacts of policies on international cloud business, and work closely with headquarters to promote the certification of relevant policies and qualifications in the region or country to ensure the business meets compliance requirements;
2. Work closely with the regional business team to understand customer compliance requirements, and coordinate with headquarters for support;
3. Establish a routine communication mechanism with major national and regional compliance industry associations, and actively participate in the corresponding compliance activities and delivery of corresponding white papers;
4. Analyze updated global compliance policies, and share relevant compliance content with regional business teams and international staff;
5. Work as a project manager to conduct regional security & privacy compliance audits;

Updated 2025-11-21 | Hong Kong