阿里巴巴LAZADA-Risk & Compliance Specialist – Cybersecurity (International TPRM & IT Risk)-Hangzhou
任职要求
Qualifications: ● Bachelor’s or Master’s degree in Information Security, Risk Management, Computer Science, or a related field. ● Minimum of 5 years of professional experience in Third-Party Risk Management (TPRM) and IT Risk/Information Security. ● Proven track record of independently leading risk assessment projects from scoping to closure. ● Strong understanding of IT controls, data protection, and regulatory compliance (e.g., GDPR, PDPA). ● Experience with risk assessment frameworks and audit standards (e.g., ISO 27001, SOC 2, PCI-DSS) is highly preferred. ● Demonstrated experience in m…
工作职责
About the Role: We are seeking a highly skilled and experienced Risk & Compliance Specialist to join Lazada’s growing cyber security team. In this role, you will play a key part in managing Third-Party Risk Management (TPRM) and Information Technology (IT) risk across Lazada’s business operations. You will be responsible for assessing, monitoring, and mitigating risks associated with third-party vendors and internal IT systems, ensuring compliance with global standards and best practices. This is a hands-on role that requires strong cyber security knowledge, independent judgment, excellent communication skills, and a proactive mindset. As Lazada operates in a complex, multi-market environment across Southeast Asia, this role demands a candidate with demonstrable international risk management experience and a global regulatory outlook, as well as the ability to leverage data-driven insights to identify, assess, and mitigate risks effectively. The ideal candidate will be able to lead risk assessment projects from end to end, utilize data analytics to inform risk decisions, and collaborate effectively across cross-functional teams including procurement, legal, information security, and regional business units. Key Responsibilities: ● Lead end-to-end Third-Party Risk Management (TPRM) processes, including risk assessments, due diligence, control evaluations, and ongoing monitoring of vendors. ● Conduct comprehensive IT risk assessments for applications, infrastructure, and cloud environments. ● Develop and maintain risk frameworks, policies, and procedures aligned with industry standards (e.g., ISO 27001, NIST). ● Work closely with procurement, legal, information security, and business teams to ensure risk-aware decision-making. ● Prepare detailed risk reports and present findings and recommendations to stakeholders and senior management. ● Drive continuous improvement of risk tools, methodologies, and automation by leveraging data analytics and risk metrics. ● Utilize data to proactively identify emerging risks, measure control effectiveness, and support strategic risk prioritization. ● Stay up to date with evolving cybersecurity threats, regulatory requirements, and risk trends across international markets. ● Apply an international risk perspective when evaluating vendor and IT risks across diverse jurisdictions and compliance regimes.
As part of your role, you will have the opportunity to: - Classify products based on their potential compliance risk, for regulatory storage and transportation purposes. - Identify and remove any products from our website that violate policies. - Work with the legal and quality team to ensure the high standard of safety and compliance. - Follow standard operating procedures to ensure an exceptional customer experience. - Moreover, you will work closely with mentors and managers to develop your skills and unravel your potential. - Propose improvement opportunities for the processes you work on. - Train and mentor other associates. - Be in contact with stakeholders from different countries and cultures. - Get involved in analyzing metrics, interpreting trends and proposing corrective actions.
As part of your role, you will have the opportunity to: - Classify products based on their potential compliance risk, for regulatory storage and transportation purposes. - Identify and remove any products from our website that violate policies. - Work with the legal and quality team to ensure the high standard of safety and compliance. - Follow standard operating procedures to ensure an exceptional customer experience. - Moreover, you will work closely with mentors and managers to develop your skills and unravel your potential. - Propose improvement opportunities for the processes you work on. - Train and mentor other associates. - Be in contact with stakeholders from different countries and cultures. - Get involved in analyzing metrics, interpreting trends and proposing corrective actions.
1. Manage the Social Responsibility (SR) audit workflow ensuring all active suppliers under Softlines Private Brands (SPB) are qualified for production. Resolve open issues with suppliers, escalate egregious issues to the business owners, and invent mechanisms to improve efficiency of our SR audits. 2. Vet, track, maintain, and improve standard operating procedures for day to day SR execution (audit scheduling and management, corrective action planning and remediation), including simplifying processes and eliminating process gaps (e.g., mismatched supplier data between Private Brands and Social Responsibility systems). 3. Identify potential SR risks with global suppliers from historical audit results and the consolidated SR performance scoring system. Work with central Amazon SR team to implement supplier engagement programs with selected SPB sites and track the SR performance improvement to evaluate program effectiveness. 4. Build, run, and maintain connection mechanisms with sourcing managers, APB Sustainability, and Amazon Social Responsibility team.
The AvSec Manager responsibilities include managing ambiguity through knowledge, experience and to allocate resources to meet daily goals. This role will manage processes, vendor x-ray screening operators and be responsible for securing the supply chain for external fulfillment to air. This position will assist with developing the workforce to meet long-term process targets. This position will directly support a team of 3rd party vendors. The AvSec Manager responsibilities also include verifying compliance with security procedures and regulatory standards, physical security design standards and policies and utilize Security Management Systems (SeMS) processes for risk mitigation. Additional responsibilities include developing new and evaluating existing security standards by establishing workflows, SLAs, and operational excellence mechanisms by ensuring customer outcomes are data driven, measured and validated. We are looking for someone who can introduce best practices and move with a strong bias for action as we ramp up these efforts. This is a new and evolving business operation. We are looking for someone who can introduce best practices and move with a strong bias for action as we ramp up these efforts. Other responsibilities include: a. Program management b. Tactical management c. Audits and service level agreement (SLA) adherence;