
Tesla IT Risk & Compliance Analyst (Information Security)

Experienced hire · Full-time · IT - Risk & Compliance · Location: Shanghai · Status: Hiring

Job Requirements


Must 
• Ability to conduct regulation research, interpretation, compliance assessment, root cause analysis, risk identification and working paper preparation, and to handle internal reporting within the team or to working-level stakeholders independently.
• 5 to 7 years of Information Security working experience in-house or at a consultancy/accounting firm, with hands-on experience in any two of the areas listed below:
- Cybersecurity Law (CSL) compliance
- Data Security/Protection Law compliance
- ISMS/ISO 27001 implementation and operation
• Graduate of a 985 or 211 university or an overseas university, with at least a Bachelor's degree in Computer Science, Information System Management, or an equivalent major.
• Working proficiency in English and Chinese (both spoken and written).
• Good communicator and able to articulate requirements and expectations.
• Collaborative in nature, result-oriented, and highly self-motivated to drive tasks forward with quality delivery.

Preferred 
• Overseas education or working experience
• Experience in Personal Information Protection Law (PIPL) compliance and supplier security management
• Experience in Automotive, Financial Industry (Insurance, leasing or loan)
• Certification of CISA, CRISC, CISM, CISSP, CIPM

This job application may involve an interview with an interviewer outside of Tesla China. By completing your application, you agree that Tesla may provide your application information to overseas interviewers in Tesla, Inc. for recruitment purposes. For more details and contact information, please see here (https://app.mokahr.com/social-recruitment/tesla/46129#/).

Job Responsibilities


THE ROLE
This is a senior role supporting the IT Risk and Compliance lead (China & APAC) in Information Security areas, collaborating effectively with stakeholders to develop policies/processes, identify issues and risks, suggest risk remediation strategies and drive towards compliance.

RESPONSIBILITIES
• Develop and maintain Tesla Information Security policies, frameworks, guidance and metrics based on internal, domestic and industrial information security regulations and standards, such as ISO27001, ISO27701, NIST, etc.
• Collaborate with product owners, engineers, business process owners and system owners to ensure security processes are well established and followed.
• Support cyber compliance programs including China Cybersecurity Law (CSL), China Data Security Law (DSL) and Personal Information Protection Law (PIPL) compliance.
• Assist the IT Governance, Risk and Compliance team in documenting and reporting control deficiencies upon discussion with business owners and Internal Auditors, collaborate with business owners regarding recommendations to address the root cause of issues, and report on and support implementation of management remedial actions.
Related Positions

Ant Group · Experienced hire · 5-7 years · Finance - Treasury Management

1. Based on IT-related regulations and business strategy, establish a risk-driven IT audit plan;
2. Independently execute IT audit projects, identify and evaluate risks and internal controls of IT auditable areas, identify the root cause of audit findings and present them to the auditees, and prepare audit reports that meet internal and local regulatory requirements;
3. Communicate with management about problems discovered, provide effective and efficient action plans and validate the remediations;
4. Provide value-added services to the business, including cost reduction and efficiency enhancement, business process optimization, cooperating with regulatory inspections and organizing related training and sharing;
5. Able to establish continuous monitoring models to improve the efficiency of audit projects;
6. Provide IT audit services to the Netherlands at minimum; scope may expand.

Updated 2025-04-24
Ant Group · Experienced hire · Risk Management - Internal Control, Internal…

1. Based on local regulations and business strategy, assist the manager in establishing a risk-driven audit plan.
2. Independently identify and evaluate risks and internal controls of auditable subjects, based on an understanding of local regulatory requirements and the company's strategies and business layout, and prepare audit reports that meet internal and local regulatory requirements.
3. Communicate with management about problems discovered, provide effective and efficient action plans and validate the remediations.
4. Provide value-added services to business developments, including cooperating with regulatory inspections and organizing related training and sharing.
5. Able to establish continuous monitoring models to improve the efficiency of audit projects.
6. Provide audit services to Ant Group International Business Group as needed.

Updated 2025-06-10
Alibaba Cloud (aliyun) · Experienced hire · 3+ years · Cloud Intelligence Group

1. Monitor and track global data security & compliance policies, analyze the requirements and impacts of policies on the international cloud business, and work closely with headquarters to promote the certification of relevant policies and qualifications in the region or country to ensure the business meets compliance requirements;
2. Work closely with the regional business team to understand customer compliance requirements, and coordinate with headquarters to provide support;
3. Establish a routine communication mechanism with major national and regional compliance industry associations, and actively participate in the corresponding compliance activities and delivery of corresponding white papers;
4. Analyze updated global compliance policies, and share relevant compliance content with regional business teams and international staff;
5. Work as a project manager to conduct regional security & privacy compliance audits;

Updated 2025-09-23
Alibaba · Experienced hire · LAZADA

The Assortment, Content & Ads Governance Team (ACAG team) is part of Lazada's Risk and Security and is charged with the mission of developing a comprehensive assortment strategy for Lazada, so as to foster a healthy and safe e-commerce environment for our users. The role is responsible for developing and implementing proactive strategies and operational processes to protect users from Assortment and Content related risks (Prohibited and Controlled Goods, IP infringement products, hate speech etc). You will have access to analytical tools to develop and implement strategies and solutions using data-driven methodologies to mitigate the risks associated with platform assortment and content.

Responsibilities:
- Develop a deep understanding of the eCommerce customer and seller journey, including registration and onboarding, product listing, order placement, payment, user interactions, returns and refunds, user reports and feedback, etc.
- Develop subject matter expertise on eCommerce platform operation and governance, where rules, strategies, and enforcements are effectively established to ensure users are compliant with platform policies.
- Lead cross-functional efforts to enhance platform policies and operational mechanisms, fostering a collaborative environment to support ongoing strategy refinement.
- Work with large data sets to analyze patterns, trends, and modus operandi of platform operation and governance issues (as well as merchants who perpetrate these issues).
- Make data-driven recommendations on prioritization of controls for platform governance and product compliance.
- Collaborate with PD, Tech, and Algo counterparts to build machine learning models and rules to detect assortment and user related operation and governance issues on the platform.
- Operate the risk engine, including the creation and continuous evaluation of rules to prevent and detect platform operation and governance issues.
- Capture and communicate findings with internal and external stakeholders through dashboards, periodic reports, and presentations.

Updated 2025-06-16