Technology & Digital

Digital Trust Analyst - Digital Risk

108745

  • Shanghai

You will own the delivery of critical cybersecurity and digital resilience tasks.
You will support broader digital risk initiatives for the Greater China (GC) region by partnering closely with consultants, Technology teams, Legal, Risk, and external vendors. In this role, you will operationalize key processes and controls to protect the firm and enable business growth in one of our most dynamic regions.
You will lead end-to-end Multi-Level Protection Scheme (MLPS) compliance, including assessments, audit coordination, certificate renewals, and ongoing risk tracking. You will drive and track the remediation of compliance and audit findings, implementing solutions based on priority to mitigate risks related to data security, control deviations, and privacy. Additionally, you will execute the data security roadmap, ensuring milestone tracking and gap remediation, while providing ad-hoc support for privacy audits, regulatory inquiries, and other compliance assessments.
You will manage the monitoring of and contribution to the central risk register. You will oversee the intake, assessment, documentation, and tracking of Product Security Reviews (PSR) for GC-region products prior to go-live to ensure full security compliance. Furthermore, you will execute the complete lifecycle of vendor risk assessments for all regional vendors and third-party engagements.
You will define local security controls, provide implementation guidance, and ensure adoption by product teams. You will also identify and define Responsible AI controls with actionable guidance and measurable thresholds. On the ground, you will support incident response investigations and vulnerability remediation tracking to ensure strict adherence to SLAs.
You will ensure the end-to-end governance and validation of digital risk, consistently enhancing the firm's security compliance posture by implementing effective controls throughout the product development lifecycle.

You are someone who thrives in a high-performance environment, bringing a growth mindset and entrepreneurial spirit to tackle meaningful challenges that have a real impact.
In return for your drive, determination, and curiosity, we’ll provide the resources, mentorship, and opportunities to help you quickly broaden your expertise, grow into a well-rounded professional, and contribute to work that truly makes a difference.
When you join us, you will have:
  • Continuous learning: Our learning and apprenticeship culture, backed by structured programs, is all about helping you grow while creating an environment where feedback is clear, actionable, and focused on your development. The real magic happens when you take the input from others to heart and embrace the fast-paced learning experience, owning your journey.
  • A voice that matters: From day one, we value your ideas and contributions. You’ll make a tangible impact by offering innovative ideas and practical solutions, all while upholding our unwavering commitment to ethics and integrity. We not only encourage diverse perspectives, but they are critical in driving us toward the best possible outcomes.
  • Global community: With colleagues across 65+ countries and over 100 different nationalities, our firm’s diversity fuels creativity and helps us come up with the best solutions. Plus, you’ll have the opportunity to learn from exceptional colleagues with diverse backgrounds and experiences.
  • Exceptional benefits: On top of a competitive salary (based on your location, experience, and skills), we provide a comprehensive benefits package to enable holistic well-being for you and your family.

  • Bachelor’s degree is required (master’s degree is preferred) in IT/Computer Science, Cyber Security, or equivalent experience
  • CISSP/CISM or equivalent preferred
  • 3+ years of corporate and/or professional services experience, with a focus on hands-on experience in information security domain, specifically in product security reviews, vendor risk assessments, GRC/compliance execution
  • Working knowledge of China-specific cyber and digital resilience regulations (cyber, data, AI security etc.) and general privacy/compliance principles
  • High attention to detail, ownership mindset, and comfort with structured tools (Excel, Jira, Confluence)
  • Eagerness to learn the emerging tech quickly and operate under guidance while taking full accountability for assigned BAU
  • AI exposure: Foundational understanding of how Large Language Models (LLMs) work and the unique security risks associated with AI integrations
  • Bilingual fluency level language skills in English and Mandarin, with experience communicating with product and business stakeholders in GC. Ability to communicate technical findings clearly for both technical and non-technical stakeholders
  • High Tech
  • Technology