Senior Information Security Manager

The Senior Information Security Manager is responsible for leading and managing the organization’s overall information security strategy, operations, and compliance initiatives. This role requires both strategic planning and hands‑on execution to ensure the company’s data, systems, and infrastructure are protected against evolving security threats. What will you do

• Oversee and manage day‑to‑day information security operations and compliance activities.
• Lead the annual ISO 27001 audit process, ensuring continuous compliance and successful recertification.
• Manage and coordinate the company’s SOC 2 accreditation process, including documentation, control validation, and audit readiness.
• Oversee and execute the annual security accreditation process in China, ensuring alignment with local regulatory requirements and internal standards.
• Develop, implement, and maintain security policies, standards, and procedures.
• Partner with internal teams to assess security risks and ensure secure system design and configuration.
• Drive security awareness and training programs across the organization.
• Conduct regular risk assessments, vulnerability scans, and incident response activities.
• Work closely with IT, engineering, and compliance teams to ensure security is embedded in business processes and products.
• Provide strategic security recommendations to leadership and drive initiatives that strengthen the company’s security posture.
• Balance strategic leadership and hands‑on execution, ensuring both tactical issues and long‑term improvements are effectively managed.

• Bachelor’s degree in Information Security, Computer Science, or related field.
• 7+ years of experience in information security management, with at least 3 years in a leadership capacity.
• Proven experience managing ISO 27001 and SOC 2 audits / accreditations.
• Familiar with China’s cybersecurity and data protection regulations preferred.
• Strong understanding of risk management, security frameworks (e.g., NIST, CIS), and incident response processes.
• Relevant certifications such as CISSP, CISM, or ISO 27001 Lead Implementer / Auditor preferred.
• Excellent communication, stakeholder management, and project leadership skills.