Tesla IT Risk & Compliance Analyst (Information Security)
Requirements
Must
• Ability to conduct regulation research, interpretation, compliance assessment, root cause analysis, risk identification, and working paper preparation, and to handle internal reporting within the team or to working-level stakeholders independently.
• 5 to 7 years of Information Security working experience in house or from a consultancy/accounting firm, with hands-on experience in any two of the areas mentioned below:
  - Cybersecurity Law (CSL) compliance
  - Data Security/Protection Law compliance
  - ISMS/ISO 27001 implementation and operation
• Graduates from 985, 211 universities or overseas universities, with at least a Bachelor’s degree in Computer Science, Information System Management, or equivalent majors.
• Working proficiency in English and Chinese (both spoken and written).
• Good communicator and able to articulate requirements and ex…
Responsibilities
THE ROLE
This is a senior role that supports the IT Risk and Compliance lead (China & APAC) in Information Security areas and collaborates effectively with stakeholders to develop policies/processes, identify issues and risks, suggest risk remediation strategies and drive towards compliance.
RESPONSIBILITIES
• Develop and maintain Tesla Information Security policies, frameworks, guidance and metrics based on internal, domestic and industry information security regulations and standards, such as ISO27001, ISO27701, NIST, etc.
• Collaborate with Product owners, Engineers, Business process owners, and system owners to ensure security processes are well established and followed.
• Support cyber compliance programs including China Cybersecurity Law (CSL), China Data Security Law (DSL) and Personal Information Protection Law (PIPL) compliance.
• Assist the IT Governance, Risk and Compliance team in documenting and reporting control deficiencies upon discussion with business owners and Internal Auditors, collaborate with business owners on recommendations to address the root cause of issues, and report and support implementation of management remedial actions.
About the Role:
We are seeking a highly skilled and experienced Risk & Compliance Specialist to join Lazada’s growing cyber security team. In this role, you will play a key part in managing Third-Party Risk Management (TPRM) and Information Technology (IT) risk across Lazada’s business operations. You will be responsible for assessing, monitoring, and mitigating risks associated with third-party vendors and internal IT systems, ensuring compliance with global standards and best practices. This is a hands-on role that requires strong cyber security knowledge, independent judgment, excellent communication skills, and a proactive mindset. As Lazada operates in a complex, multi-market environment across Southeast Asia, this role demands a candidate with demonstrable international risk management experience and a global regulatory outlook, as well as the ability to leverage data-driven insights to identify, assess, and mitigate risks effectively. The ideal candidate will be able to lead risk assessment projects from end to end, utilize data analytics to inform risk decisions, and collaborate effectively across cross-functional teams including procurement, legal, information security, and regional business units.
Key Responsibilities:
● Lead end-to-end Third-Party Risk Management (TPRM) processes, including risk assessments, due diligence, control evaluations, and ongoing monitoring of vendors.
● Conduct comprehensive IT risk assessments for applications, infrastructure, and cloud environments.
● Develop and maintain risk frameworks, policies, and procedures aligned with industry standards (e.g., ISO 27001, NIST).
● Work closely with procurement, legal, information security, and business teams to ensure risk-aware decision-making.
● Prepare detailed risk reports and present findings and recommendations to stakeholders and senior management.
● Drive continuous improvement of risk tools, methodologies, and automation by leveraging data analytics and risk metrics.
● Utilize data to proactively identify emerging risks, measure control effectiveness, and support strategic risk prioritization.
● Stay up to date with evolving cybersecurity threats, regulatory requirements, and risk trends across international markets.
● Apply an international risk perspective when evaluating vendor and IT risks across diverse jurisdictions and compliance regimes.
THE ROLE
This role works as Sr. IT Compliance Analyst to support the China IT Risk and Compliance lead in APAC IT SOX program planning, operation, monitoring and enhancements, and to collaborate effectively with multiple stakeholders to ensure compliance.
RESPONSIBILITIES
• Conduct all compliance-related activities for designing, reviewing, monitoring, and assessing IT SOX relevant controls (ITGC, ITAC) and key reports to ensure they are well implemented and followed.
• Collaborate with Product owners, Engineers, Business process owners, and system owners in the SDLC assessment of new system/function capabilities before they are made operational.
• Identify opportunities for enhancement, and proactively manage and mitigate risks by performing SOX training and holding workshops with stakeholders to promote a control-conscious and risk-aware culture across the organization.
• Support audit engagement/coordination with internal and external auditors to ensure timely and sufficient response to audit requests.
• Assist in leadership team reporting on SOX program compliance, risk remediation suggestions and status tracking.