Job Description

　　Position Summary:

　　This role is all about managing Philips’ Security posture in a connected ecosystem of partners, suppliers and potential new acquisitions. It is safeguarding Philips’ business confidential information and managing and monitoring our suppliers’ information security maturity. Assessing and performing risk analysis of potential new acquisitions. Performing due diligence and providing support within this connected ecosystem.

　　You will part of both the China Security Team and the global Supplier Security team, and you will be working with both local and global Group Security peers to navigate this complex landscape, guided by global policies and standards. You will liaison with China key stakeholders in the business, market and functions and provide support and guidance on all matter related to Supplier Security.

　　Duties and Responsibilities:

　　Perform Vendor risk assessments, monitoring and management.

　　Manage the vendor lifecycle, from due-diligence to termination.

　　Identification, ranking of Vendor risks to the enterprise.

　　Perform risk management in line with enterprise risk appetite and risk thresholds:

　　Effectively manage Security and Privacy risks.

　　Identify controls needed to mitigate risks.

　　Select and apply Security controls.

　　Establish and deliver centralized reporting on performance regarding operational and strategic objectives.

　　Develop and maintain security standards and policies (vendor risk management)

　　Engage with suppliers in a complex environment:

　　Perform Vendor due diligence investigations.

　　Audits/assessments engagements with suppliers.

　　Develop and maintain appropriate (senior) stakeholder relationships.

　　Manage non-strictly Legal aspects of contracting.

　　Training and awareness on Supplier Security.

　　Education/Skills and Experience Requirements:

　　Extensive experience (5+ years) in Vendor risk management and Information Security

　　Extensive strategic and tactical understanding of handling current policy issues

　　University degree in a relevant field of education, preferably Information Technology orientated or Business Administration

　　Excellent knowledge of information security standards such as ISO/IEC 27001, NIST Cybersecurity frameworks and assurance standards such as SOC2

　　CCSP/CCSK, CISM/CISA or CRISC certification is pre-requisite. CTPRP a plus.

　　Practical experience in highly regulated environments is a plus (FDA, SOX, Export, Privacy/GDPR, HIPAA, as well as China based regulations such as MLPS, CBDT, PIPL)

　　Demonstrated ability to establish balanced, risk-based compliance management and reporting methods

　　Demonstrated ability to find pragmatic and creative solution to business issues and provide concise and business-focused advice.

　　Experience in the creation and enforcement of security control mechanisms

　　Demonstrated ability to work in a fast-paced environment and to make sound judgments under tight deadlines

　　Excellent English language skills

　　Strong interpersonal skills – communication, presentation, ability to influence and lead

　　Motivated, positive attitude, and results-oriented