信息安全经理 Information Security Manager
BENEFITS AND PERKS
Shanghai Disney Resort offers extensive benefits and perks to our cast members.
-
SERVICE BONUS & ANNUAL VARIABLE BONUS -
Social Security, Housing Fund and Commercial InsuranceAffordable Health Insurance options, such as medical, dental, and vision coverage, may be available for full time employees.
-
Annual leave and full-paid sick leaveVacation and sick leave are available for full time positions. Vacation and personal holidays are accrued based on length of service, position, and hours worked.
-
Free Park EntryComplimentary theme park admission for full-time and part-time positions after two weeks of employment
-
Disney DiscountsDiscounts are available at select hotels, dining, merchandise and recreation locations.
-
Health check-upWe offer on-site fitness classes in addition to a variety of health and wellness programs and seminars.
"Here, we create magic every day! Being able to work with the team on new projects and witnessing Guests jumping for joy and regaining their childlike innocence is what gets me the most!"
Laura, Integrated Facility Planning Manager, Facility and Operations Services
Job Summary:
信息安全经理
业务部门: 技术与数字
工作地点-国家/地区: 上海, 中国
职位介绍:
作为信息安全经理,您的主要职责是在公司数字产品和平台中推动隐私设计理念的落地,确保隐私要求在系统和产品开发生命周期中得到有效集成。您需要深入理解中国隐私法律法规及相关技术标准,并将这些要求转化为可执行的技术规范和流程指南,推动隐私与安全相关的技术和流程改进。该角色要求您在法律、信息安全和工程团队之间发挥桥梁作用,确保隐私和安全要求在产品和系统中得到落实。同时,您将撰写高质量的技术文档和实施指南,管理跨职能项目,并通过影响关键利益相关方来实现隐私合规和信息安全目标。该职位隶属于信息安全团队,并与隐私法律职能保持紧密协作。
工作内容:
- 解读并持续监控中国隐私法律(如《个人信息保护法》《数据安全法》《网络安全法》)及相关 GB/T 技术标准的技术要求,并将其转化为可执行的技术规范和流程指南;
- 在软件开发生命周期(SDLC)中定义隐私工程要求和检查点,确保其融入产品开发流程;
- 将隐私非功能性需求(NFR)纳入设计评审和版本发布;指导并推动工程和产品团队实施隐私控制措施,如数据最小化、加密、去标识化、数据保留、日志与可审计性、基于角色的访问控制以及同意管理等;
- 维护系统中个人数据的最新清单,并支持隐私影响评估(DPIA)及跨境数据传输评估;
- 审查第三方 SDK、跟踪器和云配置,支持供应商隐私评估、隐私影响评估及跨境数据传输评估,确保符合隐私要求;
- 作为隐私项目经理,领导隐私相关举措在技术与数字团队中的实施,确保按时交付并降低风险;
- 与法律、信息安全、技术与数字团队及业务团队协调合作,将隐私要求嵌入产品和流程;
- 为内部利益相关方及监管用途准备文档、演示材料和报告;
- 与隐私法律团队合作,开展隐私意识培训,推动组织内隐私合规文化建设;
- 支持与个人数据相关的事件响应活动,包括文档记录和经验总结。
我们希望您:
- 计算机科学、信息安全、软件工程或相关领域的本科及以上学历;
- 6–10 年隐私工程、信息安全或隐私合规相关工作经验,具备 IT 项目管理经验者优先;
- 深刻理解中国隐私法规(《个人信息保护法》《数据安全法》《网络安全法》)及相关 GB/T 标准;熟悉国际隐私框架(如 GDPR)者更佳;
- 能够理解并清晰解释隐私相关技术概念(如加密、去标识化、假名化),并将其转化为可执行的指南;
- 具备管理跨职能项目并推动合规举措落地的成功经验;
- 优秀的英文书写能力,能够为技术和非技术受众撰写清晰、详细的指南和文档;
- 出色的沟通、演示和人际交往能力;中英文听说读写流利。
Information Security Manager
Line of Business: Technology & Digital
Location: Shanghai, China
Job Summary:
As an Information Security Manager, your primary duty is to embed Privacy by Design principles across our digital products and platforms, ensuring privacy requirements are integrated throughout the system and product development lifecycle. In this role, you will interpret technical requirements under China’s privacy laws and relevant standards, translate them into actionable technical and process guidelines, and drive the implementation of privacy and security initiatives across Tech & Digital. Acting as a bridge between Legal, InfoSec, and Engineering teams, you will ensure compliance is built into products and systems from the ground up. The ideal candidate will have a strong IT or engineering background, excellent written English skills for drafting detailed technical guidelines, and proven ability to manage cross-functional projects and influence stakeholders. This position is part of the Information Security team, with close collaboration and dotted-line reporting to the Privacy Legal function.
Key Responsibilities:
- Interpret and monitor the technical requirements under China privacy laws (PIPL, DSL, CSL) and relevant GB/T standards, and translate them into actionable technical and process guidelines.
- Define privacy engineering requirements and checkpoints within the SDLC and ensure they are integrated into product development processes.
- Bake privacy NFRs into design reviews and releases; guide and drive engineering and product teams on implementing privacy controls such as data minimization, encryption, de-identification, retention, logging/auditability, role-based access, consent management, etc.
- Maintain an up-to-date inventory of personal data across systems.
- Review third-party SDKs, trackers, and cloud configurations, and support vendor privacy assessments, privacy impact assessments and cross-border data transfer evaluations to ensure compliance with privacy requirements.
- Act as a privacy project manager role to lead the implementation of privacy initiatives across Tech & Digital, ensuring timely delivery and risk mitigation.
- Coordinate with Legal, InfoSec, T&D, and business teams to embed privacy requirements into products and processes.
- Prepare documentation, presentations, and reports for internal stakeholders and regulatory purposes.
- Work with Privacy Legal to deliver privacy awareness training and promote a culture of privacy compliance within the organization.
- Support incident response activities related to personal data, including documentation and lessons learned.
Desired Qualifications:
- Bachelor’s degree in Computer Science, Information Security, Software Engineering or related field.
- 6–10 years of experience in privacy engineering, information security, or privacy compliance, with IT project management experience preferred.
- Strong understanding of China privacy regulations (PIPL, DSL, CSL) and relevant GB/T standards; familiarity with international frameworks (e.g., GDPR) is a plus.
- Ability to understand and explain technical privacy concepts (e.g., encryption, de-identification, pseudonymization) and translate them into actionable guidelines.
- Proven experience in managing cross-functional projects and driving implementation of compliance initiatives.
- Excellent written English skills, with the ability to produce clear, detailed guidelines and documentation for technical and non-technical audiences.
- Excellent communication, presentation, and interpersonal skills; fluent in Chinese and English (written and spoken).
About Shanghai Disney Resort:
Shanghai Disney Resort, the first Disney resort in Mainland China, is a place where friends and families can escape together to a whole new world of fantasy, imagination, creativity and adventure. The resort is home to the Shanghai Disneyland theme park; two themed hotels; Disneytown, a large shopping, dining and entertainment district; a Broadway-style theatre; Wishing Star Park and other outdoor recreation areas. Shanghai Disney Resort Cast Members provide world-class service to guests, and the resort brings classic Disney stories and characters to life with authentic cultural touches and themes tailored specifically for the people of China. Shanghai Disney Resort offers something for everyone – thrilling adventures, lush gardens where guests can relax together and enriching interactive experiences.
About The Walt Disney Company:
The Walt Disney Company, together with its subsidiaries and affiliates, is a leading diversified international family entertainment and media enterprise that includes three core business segments: Disney Entertainment, ESPN, and Disney Experiences. From humble beginnings as a cartoon studio in the 1920s to its preeminent name in the entertainment industry today, Disney proudly continues its legacy of creating world-class stories and experiences for every member of the family. Disney’s stories, characters and experiences reach consumers and guests from every corner of the globe. With operations in more than 40 countries, our employees and cast members work together to create entertainment experiences that are both universally and locally cherished.
This position is with Shanghai Intl Theme Park Company, Ltd., which is part of a business we call Shanghai Disney Resort.
Specific benefits vary between different roles and may be adjusted according to company policy. Shanghai Disney Resort does not charge a fee to submit job applications and has not authorized any individual or company to charge to do so. Please always check our official channels or platforms for the most relevant recruitment information.
It is the policy of the Company to provide equal opportunity for all employees and candidates for employment without regard to race, religion, color, sex, family status, sexual orientation, national origin, age, marital status, covered veteran status, intellectual or physical disability, pregnancy, nationality/ethnicity, migrant worker status, carrier of infectious diseases status or any other category of persons to the extent provided by law. The “Equal Employment Opportunity” in this policy extends, but is not limited, to recruitment and employment, promotion, demotion, transfer, layoff, termination, rate of pay, and other forms of compensation, education, and training.
SHARE
Link opens in new tab.