Reports To: CIO, Greater China & APAC
Position Overview
We are seeking a strategic and experienced Information Security Lead to head Information Security and Data Privacy across Greater China, covering Commercial, Manufacturing, Supply, and R&D. This role is critical in ensuring full compliance with China's cybersecurity and data privacy regulations (including DSL, CSL, and PIPL) while supporting secure, scalable digital innovation in a highly regulated industry.
The ideal candidate will work in close partnership with the APAC & Greater China CIO, the PIPO (Head of Risk Management), China Compliance & Legal, the Global Information Security Team, and the Global CISO to ensure that policies, processes, systems, and documentation fully align with legal requirements and laws. The role will also cover data and cybersecurity regulations and requirements across APAC markets, including North Asia, Southeast Asia, and Australia & New Zealand.
Key Responsibilities
Data Privacy & Compliance
- Interpret and implement DSL, CSL, PIPL, and other cyber and data security regulations for all China operations
- Support APAC markets with data and cybersecurity policies, documentation, and processes
- Partner with PIPO and the APAC & Greater China CIO to drive compliance in policy, system design, process governance, and documentation
- Lead internal audits, impact assessments, and maintain RoPA (Record of Processing Activities)
- Coordinate with Legal, Compliance, QA, and business stakeholders for incident response and regulatory alignment
- Develop and roll out data privacy training programs to strengthen organizational awareness
Information Security Leadership
- Lead Greater China and APAC information security strategy, governance, and operations
- Implement security policies in alignment with global InfoSec standards and local compliance needs
- Guide secure deployment of digital projects including cloud platforms and third-party integrations
- Conduct cybersecurity risk assessments for systems, data, and vendors
- Collaborate with and influence cross-functional stakeholders, including:
  - APAC & Greater China CIO
  - China PIPO / Head of Risk Management
  - Asia Compliance Leader
  - Global CISO & Information Security Team
  - China digital BP, Data, and Architecture teams
  - China Legal & Compliance
  - Global Technology Risk Management & Compliance
Qualifications
- Bachelor’s or Master’s degree in Cybersecurity, Data Privacy, IT or related fields
- 10+ years of experience in Information Security, Privacy, or Compliance, preferably in Pharma or Life Sciences
- Strong knowledge of DSL, CSL, PIPL, and hands-on experience with audit readiness and enforcement
- Excellent soft skills
- Relevant certifications: CISSP, CIPM, CISA, CDPO
- Excellent communication skills in Mandarin and English
Other Information
- Flexible working hours and possible travel
- Strong cross-functional collaboration opportunities in a globally integrated enterprise
- Impactful role in shaping the secure digital journey for one of the most regulated and innovative sectors