With over 14,500 stores and 4 billion happy customers across 24 markets in Asia and Europe, A.S. Watson is the world’s largest health & beauty retailer.
Senior Manager - Group Information Technology Security
Hong Kong
This role forms part of the A.S. Watson Group IT (GIT) Security function and supports the Head of Data Privacy and Information Security with implementing and executing the Information Security Risk Management Policies in the Asia region. The role is responsible for the successful implementation of the ISF Standard of Good Practice Framework, remediation of to establish the required level of maturity across the Group and ongoing support to the Business Units (BUs). This is not an operational role, but rather one with strategic and tactical responsibilities.

The Group is in the early stages of implementing the ISF Framework, so this provides an opportunity for the role to be involved in the design and set-up of the Framework. The role will be involved in building an extended team of BU security officers who will provide the necessary representation at the local level and embed security.


  • Advise the Dept. Head on information security issues.
  • Support the Dept. Head with developing corporate IT Policies, Standards and baselines.
  • Direct and manage the BU Information Security Managers to ensure information security control implementation and
    execution within local Business Units.
  • Provide guidance to the Group and BUs by developing, maintaining and publishing up-to-date security procedures,
    standards and guidelines.
  • Manage and assess information security risks for Group and high-risk projects, such as by conducting (third-party) risk
    assessments and Information Security audits.
  • Review the BUs' Information Security Year Plans and monitor status and progress on execution.
  • Plan, research and specify robust security architectures for IT Infrastructure and IT projects.

Job Requirements

  • University graduate with 10+ years working experience in IT and information security.
  • With Information Security Certifications (CISSP, CISM, CISA, or equivalent industry certifications)
  • Strong experience with standards work in information security, such as ISF or ISO 2700x, is a must.
  • Expert knowledge of risk assessment procedures, technologies and cyber security attacks and threats.
  • Excellent knowledge of cyber security technologies, IT Infrastructure and IT standards (ITIL, network technology, storage, databases, various operating systems such as Windows/UNIX), and web technologies (focusing on network security).
  • Fluent Chinese and English (verbal & written communication capability).
  • Excellent communication skills and the ability to work across the organization at all levels and geographical locations.