Cybersecurity Assurance & Compliance Senior Lead
Job Summary
Job Description:
We are seeking a Senior Security Architect to mature the security posture of Mars China cross-segment enterprise systems and to strengthen end-to-end regulatory data compliance and data protection capabilities. The role is critical to embedding security-by-design principles into the full digital initiative lifecycle, defining enterprise-grade security standards and reference architectures for the China digital ecosystem, and continuously enhancing security defences using threat intelligence, audit findings and vulnerability insights, aligned to global Mars Security frameworks and local Chinese regulatory requirements.
What are we looking for
Core Technical Requirements
Security Architecture Core Expertise (Top Requirement)
1) Proven hands-on experience as a Security Architect, with a track record of designing, implementing and governing enterprise-grade security architectures for cross-functional, multi-segment organizations (FMCG, manufacturing or retail industry experience preferred).
2) Deep expertise in security-by-design and shift-left security methodologies, with the ability to embed security controls into the full digital development lifecycle without impeding business agility.
3) Demonstrated experience defining and maintaining enterprise security standards, reference architectures and security control frameworks aligned with global industry best practices.
Foundational Information Security Knowledge (Comprehensive Supplement)
1) Network & Infrastructure Security Fundamentals: Deep understanding of the OSI and TCP/IP models, network segmentation, zero trust architecture (ZTA) principles, next-generation firewalls (NGFW), WAF, IDS/IPS, VPN, zero trust network access (ZTNA) and enterprise network security design.
2) Identity & Access Management (IAM) Fundamentals: Mastery of the least privilege principle, single sign-on (SSO), multi-factor authentication (MFA), privileged access management (PAM), identity governance and directory service security.
3) Application & API Security Fundamentals: Expert knowledge of the OWASP Top 10, the secure software development lifecycle (SDLC), static/dynamic/interactive application security testing (SAST/DAST/IAST), API security controls and secure coding best practices.
4) Data Security Fundamentals: Deep understanding of data classification & grading, symmetric/asymmetric encryption, hashing algorithms, data masking & anonymization, data leakage prevention (DLP) and data lifecycle security management.
5) Cloud & Cloud-Native Security Fundamentals: Working knowledge of mainstream cloud platforms (Azure/Alibaba Cloud) and their security architectures, the cloud shared responsibility model, container/Kubernetes security and serverless security best practices.
6) Threat & Offensive/Defensive Security Fundamentals: Familiarity with the MITRE ATT&CK framework, common attack vectors and tactics, penetration testing fundamentals and cybersecurity incident response processes.
7) Risk Management Fundamentals: Solid understanding of qualitative/quantitative risk assessment methodologies and industry-standard frameworks, including the NIST Cybersecurity Framework, ISO 27001/27002 and COBIT.
Governance & Architecture Review Expertise
1) Hands-on experience leading security reviews for enterprise architecture initiatives, participating in or leading Security Architecture Review Board processes, and driving remediation of identified security gaps.
2) Ability to translate complex technical security requirements into clear, enforceable policies, standards and guidelines for technical and non-technical audiences.
Compliance & Data Protection Expertise
1) Deep working knowledge of Chinese local cybersecurity and data privacy regulations, including the Cybersecurity Law, the Data Security Law, the Personal Information Protection Law (PIPL) and Cybersecurity Classified Protection 2.0.
2) Familiarity with global compliance requirements for multinational enterprises, including GDPR, PCI DSS and other industry-specific security mandates.
Threat & Vulnerability Management Capabilities
1) Proven ability to leverage threat intelligence, vulnerability assessment data and audit findings to identify architecture-level security risks and recommend targeted, cost-effective mitigation solutions.
2) Experience driving continuous security posture improvement for enterprise systems and platforms.
Soft Skills
1) Cross-functional collaboration and stakeholder management skills, with the ability to partner effectively with technical teams, business leaders and global security functions across different segments and regions.
2) Verbal and written communication skills in both English and Chinese, with the ability to clearly articulate complex technical security concepts and risk decisions to both technical and non-technical audiences.
3) Critical thinking and problem-solving skills, with the ability to balance security risk mitigation with business agility and operational efficiency.
4) Sense of ownership, accountability and attention to detail, with the ability to manage multiple high-priority initiatives simultaneously in a fast-paced, dynamic business environment.
5) Learning mindset, with a commitment to staying updated on the latest cybersecurity threats, technologies, industry best practices and regulatory changes.
What will be your key responsibilities
A. Core Security Architecture & Secure-by-Design Delivery
1) Provide end-to-end security architecture consulting, design and technical review for cross-segment enterprise digital systems and business applications, ensuring confidentiality, integrity and availability (CIA) across IT systems, applications and data flows.
2) Partner with Segment teams, Enterprise Architecture (EA) and key stakeholders to conduct pre-development security assessments, define tailored and enforceable security controls, and embed security-by-design and shift-left principles into all digital transformation initiatives.
3) Define, maintain and evolve enterprise security architecture principles, technical guidelines, mandatory security standards and reusable reference architecture patterns that align with the Mars global future-state enterprise architecture roadmap.
B. Architecture Governance and Review Board Delivery
1) Serve as the dedicated security architecture subject matter expert (SME) and lead security architect for all cross-segment initiatives entering the formal Security Architecture Review process, collaborating with EA leads and project teams to deliver timely, rigorous and actionable security reviews.
2) Document identified security gaps and non-compliance issues together with prioritized technical remediation recommendations, align corrective actions with Mars Global policies/standards and China local regulatory requirements, and track end-to-end closure of review actions with clear deadlines and regular progress updates to stakeholders.
3) Clearly articulate security architecture review outcomes, risk assessments and risk acceptance decisions to both technical audiences and non-technical business stakeholders in relevant forums and cross-functional governance meetings.
C. Threat, Vulnerability and Audit-Driven Security Posture Enhancement
1) Leverage actionable threat intelligence, audit findings, vulnerability assessment data and other security assessment results to identify critical security deficiencies and recommend targeted, architecture-level security improvements.
2) Provide expert technical input into the development of the Mars China Security Architecture Strategy and its priority focus areas, to systematically mature the enterprise's overall security posture and risk management capabilities.
D. Security Alignment & Regulatory Compliance
Support end-to-end security compliance assessments for new and existing projects, ensuring full alignment with Mars security policies/standards as well as mandatory local and global regulatory obligations, including cybersecurity, data privacy and data protection requirements.
#TBdigital
Required Experience:
Senior IC
About Company
Mars proudly makes the treats, nutritious meals, and many of your favorite products. Learn why we’re ready to become a part of your family.