Information Security Consultant
Tasks

Objective of job

Ensure that the organization and IT assets follow the security standard and governance. You monitor and identify vulnerabilities, threats and issues in systems, document them and track the remediation. You develop and implement cloud security strategies.
-Responsible for the governance of compliance with policies and processes to protect the confidentiality, integrity and availability of IT assets (information, data and IT services) within the organization.
-Responsible for organizational and technical controls
-Support in risk assessment and analysis and monitoring the implementation of risk control/minimization measures
-Identification of possible vulnerabilities in services and applications. Ordering and monitoring of penetration and assessment services. Document the results and ensure mitigation/minimization
-Assessing threats and developing appropriate security measures and assessing their effectiveness
-Assist business partners in information classification
-Coordination for security incidents and participation in incident response activities, including mitigation and remediation strategies
-Keep disaster or application recovery plans up to date
-Develop and conduct target-group-oriented awareness campaigns
-Define security controls derived from policies

Job designation

•Developing and Maintaining Security Policies and Standards    
Responsible for creating, updating, and enforcing information security policies, standards, and procedures that align with legal, regulatory, and contractual requirements. This includes ensuring that policies are comprehensive, clearly communicated, and regularly reviewed.

•Ensuring Regulatory Compliance    
Ensure the organization complies with relevant laws, regulations, and industry standards such as ISO 27001, NIST, and others. This involves understanding the specific requirements of each regulation and implementing controls to meet them.

•Security Audits and Assessments
-Responsible for planning and conducting internal security audits to assess the effectiveness of security controls and identify areas for improvement. 
-Coordinate external audits and assessments, ensuring the organization is prepared and responsive to auditor requests.

•Risk Management and Governance
-Identifying, assessing, and managing information security risks across the organization. This includes conducting regular risk assessments, developing risk mitigation strategies, and monitoring the effectiveness of controls. 
-Contribute to the development of a strong governance framework for information security.

•Compliance Reporting
Responsible for preparing and submitting reports to management and regulatory bodies on the organization's security posture and compliance efforts. This includes tracking key security metrics, documenting compliance activities, and communicating security risks and issues to relevant stakeholders.

•Policy Enforcement
Responsible for ensuring that security policies are consistently enforced across the organization. This includes monitoring compliance with policies, investigating security violations, and taking corrective action when necessary.

•Supplier Risk Management
Assesses the security practices of third-party suppliers and service providers to ensure they meet the organization's security requirements. This includes reviewing vendor contracts, conducting security assessments, and monitoring vendor compliance with security policies.

•Collaboration and Communication
-Collaborating with other IT teams, developers, and business stakeholders. 
-Providing security training and awareness to employees.
-Communicating security risks and recommendations to management.
 

Qualifications

Qualification

•Professional Skills: 
-Deep understanding of and experience in: IT Security, Risk Management, Compliance & Security Standards, Knowledge of all relevant Operating Systems, Data Protection
-Knowledge of: Cloud Security, Network, Web Technologies, Database, IT operations (ITIL)
•Experience with security frameworks, such as NIST, and ISO 27001.
•Relevant certifications, CISA, CISSP
•More than 5 years of experience with a focus on security governance and security operations
Education: Bachelor's degree and above in Computer Science encompassing Information Security
 

Benefits
Events for Employees
Flextime Possible
Hybrid Work Possible
Health Benefits
Mobility Offers
Discounts for Employees Possible
Parking
Inhouse Doctor
Good Public Transport
Barrier-Free Workplace
Canteen, Café
Contact
Mercedes-Benz Group China Ltd.
Wang Jing Int. R&D Park Phase III, 6 Wangjing East Road, 100102 Beijing