With over 14,500 stores and 4 billion happy customers across 24 markets in Asia and Europe, A.S. Watson is the world’s largest health & beauty retailer.
Senior Manager - Group Information Technology Security
Hong Kong
This role forms part of the A.S. Watson Group IT (GIT) Security function and supports the Head of Data Privacy and Information Security with implementing and executing the Information Security Risk Management Policies in Asia region. The role is responsible for the successful implementation of the ISF Standard of Good Practice Framework, remediation of to establish the required level of maturity across the Group and ongoing support to the Business Units (BUs). This is not an operational role,
but rather one with strategic and tactical responsibilities.

The Group is in the early stages in implementing the ISF Framework, so this provides an opportunity for the role to be involved in the design and set up of the Framework. The role will be involved in building an extended team of BU security officers who will provide the necessary representation at local level and embed security.


  • Advise the Dept. Head on information security issues.
  • Support the Dept. Head with developing corporate IT Policies, Standards and baselines.
  • Direct and manage the BU Information Security Managers to ensure information security control implementation and
    execution within local Business Units
  • Provide guidance to the Group and BU's by developing, maintaining and publishing up-to-date security procedures,
    standards and guidelines.
  • Manage and assess information security risks for Group and high-risk projects such as conducting (third party) risk
    assessments and Information Security audits.
  • Review the BU's Information Security Year Plans and monitor status and progress on execution.·
  • Plan, research and specify robust security architectures for IT Infrastructure and IT projects

Job Requirements

  • University graduate with 10+ years working experience in IT and information security.
  • With Information Security Certifications (CISSP, CISM, CISA, or equivalent industry certifications)
  • Strong experience with standards work in information security, such as ISF or ISO 2700x a must.
  • Expert knowledge of risk assessment procedures, technologies and Cyber security attacks and threads.
  • Excellent knowledge of cyber security technologies, IT Infrastructure and IT standards (ITIL, network technology, storage, databases, various operating systems as Windows/UNIX), and web technologies (focusing on network security).
  • Fluent Chinese and English (verbal & written communication capability.
  • Excellent communication skills and the ability to work across the organization at all levels, and geographical locations.
Rackspace | Australia

Rackers aren't all alike. We look different. We think uniquely. We are from many places and our beliefs & backgrounds vary. But, being a Racker - a valued member of a winning team on an inspir...

1 day ago
Lalamove | Malaysia

If your answers are yes and yes, we want you to join our team! We are seeking an Operations Associate who will not back down in the face of challenge, who is ready to try new things and is ready to ma...

1 day ago
Generali | Hong Kong

Execute the strategic planning processes, with main focus on non-life insurance business, from prepare timetable, build budget model & assumptions, analyze the plan results into different dimensio...

1 day ago
Avery Dennison | India

Avery Dennison (NYSE: AVY) is a global leader in pressure-sensitive and functional materials and labeling solutions for the retail apparel market. The company's applications and technologies are a...

1 day ago
Sourcibo | Hong Kong

Search & Select International Limited (www.searchselect.net) is a professional search and recruitment firm. We provide quality services to clients of various business sectors and deliver satisfact...

1 day ago