The IKEA brand is one of the most successful home furnishing brands in the world. We are a values-driven company with a passion for life at home. Our vision is to create a better everyday life for the many people. 

You see things a little differently. So do we. We believe that what you values are more important than what your CV says. We offer positions that will challenge your skills and let you grow. Come see things a little differently with us.

•          Perform Information Security risk assessments for new local solutions based on Inter IKEA Range & Supply ISDP baseline, to evaluate the effectiveness of controls; develop follow-up action plans for identified gaps identified; provide the necessary follow-up to closure.

•          Perform Information Security risk assessments for existing and new global solutions regarding cross-border data transfer, evaluate the effectiveness of controls; develop follow-up action plans for identified gaps identified; provide the necessary follow-up to closure.

•          Perform Information Security risk assessments for high-risk vendor engagement and controls assessments for applications/ platforms. 

•          Perform control risk assessments for environments, including cloud-based applications and public cloud infrastructure.

•          Provide associated analysis, reporting and metrics for assessments.

•          Work together with ISDP Leader on Multi-level Protection Scheme (MLPS) program for applicable local solutions, including self-assessment and remediation follow-ups, external testing agency communication and etc.

•          Work together with ISDP Leader on enhancement of assessment questionnaire(s), assessment process documentation and templates.

•          Exercise data privacy related compliance risk analysis to support business decision making and business operation.

•          Work together with ISDP Leader to handle and resolve local security incidents.

•          Work together with ISDP Leader on internal ISDP awareness and training program.

•          Education: Bachelor of Engineering or equivalent, majoring in Computer Sciences or engineering, or information security preferred.

•          Experience:  Minimum 4 years of IT experience, out of which 2 years with IT Security and Data Privacy Protection.

•          Experience with Information Security and/or Technology Risk Management, servicing retail industry is a plus.

•          Ability to assess Information Security controls with respect for on premise and cloud-based applications / infrastructure.

•          Strong understanding of applicable and accepted security and audit frameworks (such as COBIT and ISO), laws and regulations (China Cybersecurity Law, GDPR) & IT general controls

•          Certifications: Information Security, risk management and data privacy related certification (e.g. CISA, CISM, CISP, CISSP and etc.) will be a plus.

•         Continuously striving for excellence and simplicity

•         Enabling change

•         Safeguarding IKEA's interest as a totality 

•         Governance and compliance     

•          Strong communication skills is a must.  The resource should be able to effectively communicate with cross-functional teams and vendors, both written and oral communication is critical.

•          Fluency (written, spoken and read) in Mandarin Chinese and English; the ability to understand and translate technical documentation from Mandarin Chinese to English, vice versa is required.

•         Excellent project management skills

•         Self driven and multi task handling

The location of this position in Shanghai.  We are look forward to receiving your application in English. Please note that we will be interviewing continuously so do not delay, welcome with your application!