Security Specialist - Shenzhen

Purpose of Position

• The Security Specialist will be responsible for supporting and strengthening CASETiFY's cyber security, information security, and compliance capabilities across the organization. The incumbent will work closely with technology, infrastructure, product, legal, compliance, and business teams to protect enterprise systems, data, and operations while ensuring alignment with internal policies and external regulatory requirements.
• The incumbent is expected to bring strong hands-on experience in cyber security operations, governance, risk management, and compliance, with practical exposure to China and global regulatory environments, including GDPR and relevant U.S. privacy and cyber security standards. This role will help drive security controls, compliance readiness, audit support, and continuous improvement in a fast-paced environment.

Job Description

• Support the implementation, maintenance, and continuous improvement of cyber security policies, standards, controls, and governance practices across CASETiFY's technology and business environments.
• Work closely with infrastructure, engineering, product, and operations teams to ensure security requirements are embedded into systems, platforms, processes, and third-party integrations.
• Support security risk assessments, control reviews, gap analysis, remediation tracking, and risk mitigation activities across applications, infrastructure, cloud platforms, and endpoints.
• Assist in the development and enforcement of security and compliance frameworks covering areas such as access control, identity management, vulnerability management, endpoint security, network security, data protection, logging, monitoring, and incident response.
• Support regulatory and compliance readiness across China, GDPR, and relevant U.S. standards, and work with internal and external stakeholders to ensure obligations are understood and maintained appropriately.
• Participate in security audits, compliance reviews, certification activities, and internal control assessments, and coordinate evidence collection, remediation follow-up, and documentation.
• Assist in the review of security architecture, technical controls, and operational processes to identify risks, gaps, and improvement opportunities.
• Support security incident management activities including investigation coordination, documentation, root cause analysis, and remediation tracking.
• Monitor and track security vulnerabilities, findings, policy exceptions, and remediation status, and provide clear visibility to stakeholders.
• Work with vendors, partners, and internal teams to assess third-party security risks and support compliance due diligence as required.
• Maintain and improve security documentation including policies, procedures, control matrices, standards, playbooks, and compliance records.
• Support security awareness, training, privacy control implementation, and continuous improvement initiatives to strengthen organizational security and compliance maturity.

Requirements

• Strong hands-on experience in cyber security, information security, risk management, and compliance-related roles.
• Good understanding of identity and access management, vulnerability management, endpoint security, network security, logging and monitoring, incident response, and data protection.
• Experience in supporting security governance, control implementation, audit readiness, compliance assessments, and policy enforcement across enterprise environments.
• Practical experience with regulatory and compliance requirements in China, Europe, and the United States is highly preferred.
• Strong familiarity with GDPR and relevant U.S. privacy and cyber security standards, with experience supporting control implementation, audit readiness, and cross-border compliance coordination.
• Familiarity with security and compliance frameworks, standards, and certifications commonly used in enterprise and multinational environments is preferred.
• Experience working with cloud environments, enterprise applications, and third-party service providers from a security and compliance perspective.
• Good understanding of security documentation, control evidence, risk tracking, remediation management, and audit coordination.
• Strong analytical and problem-solving skills with the ability to identify risks, assess gaps, and coordinate remediation actions effectively.
• Good communication and stakeholder management skills, with the ability to work closely with technical teams, legal, compliance, auditors, business users, and external partners.
• Strong attention to detail, organizational discipline, and ability to manage multiple compliance and security workstreams in parallel.
• Known for promoting security awareness, governance discipline, accountability, and continuous improvement.
• At least 5-8 years of relevant working experience in cyber security, security compliance, or information security governance, with strong experience in China compliance, GDPR, and U.S. compliance standards preferred.
• Experience in e-commerce, retail, digital platforms, or multinational environments is a plus.
• Professional certifications in security, audit, or compliance are a plus.
• Happy to work in a buzzing multicultural environment; proficient in spoken and written Mandarin and English.