China Security Engineer
- China - Liaoning - Dalian
- China - Shanghai - Shanghai
Security & Compliance (PIPL, DSL, CSL)
- Requires exceptional knowledge of Security standards and advanced knowledge of others and applies these skills to ensure the Business Units in China meets its goals
- Creates an environment where innovation is standard taking appropriate risks to advance innovative processes
- Interpret and apply China regulatory requirements into actionable IT controls.
- Ensure personal data of Chinese citizens is localized within Mainland China.
- Establish and maintain security policies, compliance documentation, and audit evidence.
- Provide guidance on cross-border data transfer approvals, security assessments, and contractual obligations.
Cloud Infrastructure Security
- Manage cloud accounts in AWS China, Azure China, or equivalent providers.
- Implement and maintain IAM, KMS, encryption, VPC security, logging, and monitoring.
- Conduct regular vulnerability assessments, patch management, and threat detection.
- Ensure secure backup, recovery, and disaster recovery solutions are in place.
Separation of Duties & Access Control
- Enforce strict RBAC policies between global and local teams.
- Review and audit privileged access accounts.
- Ensure compliance with least privilege principles and monitor access logs.
- Drive remediation of any separation of duties violations.
Collaboration with Local Application Teams
- Work with China application and infrastructure teams to ensure compliance controls are built into solutions.
- Review application architectures for data residency and PIPL compliance.
- Support secure IDLC and cloud-native security practices.
Audit & Risk Management
- Act as the primary point of contact for internal and external auditors in China.
- Conduct and support periodic compliance reviews and penetration tests.
- Track findings and ensure timely remediation.
- Develop and maintain compliance dashboards and risk registers.
Global Collaboration
- Align China-specific compliance requirements with global security policies (ISO 27001, NIST, GDPR).
- Share regular updates, risks, and compliance status with global leadership.
- Support global security projects while ensuring China regulatory requirements are not compromised.
BASIC QUALIFICATIONS
- Education: Bachelor’s degree in Computer Science, Information Security, or related field.
- Experience: 4+ years in cloud security, compliance, or audit roles.
- Technical Skills:
- Hands-on with AWS China / Azure China security features.
- Strong knowledge of IAM, encryption, SIEM, CSPM, DLP, vulnerability management.
- Familiar with DevSecOps practices.
- Compliance Knowledge:
- Deep understanding of China PIPL, DSL, CSL.
PREFERRED QUALIFICATIONS
- Experience with ISO 27001, GDPR, SOC2, or equivalent frameworks is a plus.
- Soft Skills:
- Strong stakeholder management and communication skills.
- Ability to work with both local Chinese teams and global counterparts.
- Fluent in Mandarin and English.
Work Location Assignment: On Premise
Pfizer is an equal opportunity employer and complies with all applicable equal employment opportunity legislation in each jurisdiction in which it operates.
Information & Business TechBreakthroughs that change patients’ lives
Research confirms what intuition tells us: that purpose-driven companies perform better, are more innovative, attract and retain the best people, and know how to unleash the power of those people. Pfizer’s purpose—Breakthroughs that change patients' lives—fuels everything we do and reflects our passion for building on our legacy as one of the greatest contributors of good to the world.
Each word in our purpose has meaning and reflects the value we strive to bring to patients and society:
“Breakthroughs” - These are the innovations, scientific and commercial, that we seek to deliver every day. All colleagues, regardless of role, level or location, strive for breakthroughs every day.
“Change” - We want to do more than simply improve patients’ medical conditions; we want to dramatically change their lives for the better.
“Patients’ lives” - We consider not only patients, but everyone they touch—including their families, caregivers, and friends—and everything they love to do. It’s an intentionally holistic view.
Our purpose ensures that patients remain at the center of all we do. We live our purpose by sourcing the best science in the world; partnering with others in the healthcare system to improve access to our medicines; using digital technologies to enhance our drug discovery and development, as well as patient outcomes; and leading the conversation to advocate for pro-innovation/pro-patient policies.
Every decision we make and every action we take is done with the patient in mind—and to nurture an environment where breakthroughs can thrive.
Our Values
To fully realize Pfizer’s purpose, we have established a clear set of expectations regarding “what” we need to achieve for patients and “how” we will go about achieving those goals.
The “how” is represented by four simple, powerful values—courage, excellence, equity, and joy—that define our company and our culture.
Courage: Breakthroughs start by challenging convention, especially in the face of uncertainty or adversity. This happens when we think big, speak up, and are decisive.
Excellence: We can only change patients’ lives when we perform at our best together. This happens when we focus on what matters, agree who does what, and measure our outcomes.
Equity: We believe that every person deserves to be seen, heard, and cared for. This happens when we are inclusive, act with integrity, and reduce healthcare disparities.
Joy: We give ourselves to our work, but it also gives to us. We find joy when we take pride, recognize one another, and have fun.
Pfizer Digital
Pfizer Digital takes immense pride in being at the forefront of innovation, harnessing cutting-edge smart technology that profoundly impacts the lives of our patients.
With the transformative potential of digital solutions, we revolutionize how we discover, develop, and deliver medicines, enabling us to achieve breakthroughs faster and more efficiently.
By streamlining and automating transactional processes, we create valuable time and resources, empowering our talented team to focus on meaningful work that truly makes a difference in healthcare and beyond.
Benefits at Pfizer
Pfizer offers competitive compensation and benefits programs designed to meet the diverse needs of our colleagues. Our Pay for Performance Philosophy and Practices reward colleagues based on the contributions they make to our business.
Our Competitive Benefits Programs help our colleagues by:
- Promoting Health and Wellness to help colleagues maintain and improve their physical and mental wellbeing. Pfizer offerings include health and disability insurance, preventative health programs, medical screenings, free or reduced-cost vaccinations, discounts on Pfizer products, mental health support, nutrition and fitness counseling and more.
- Strengthening Colleagues’ Financial Security by providing company contributions to retirement plans, life insurance and financial planning education to help colleagues achieve their financial goals.
- Providing Benefits and Time off for the Moments that Matter to ensure Pfizer colleagues have the time away from the office to recharge, recover and return to work as the best version of themselves. Vacation, Holiday time and Sick time are just the beginning, with a 12 week parental leave policy for both parents of a new born, 10 day of caregiver leave for those times when your family needs you whether it’s a child, spouse or parent, bereavement leave, and additional country-specific programs.
- And so much more, depending on your country and site, Pfizer offers childcare facilities or discount programs, on-site health and/or fitness centers, movement and mindfulness solutions, “Log in for your Day” work flexibility and so much more.
For U.S. based jobs, view an overview of Pfizer’s U.S. benefits program (opens in a new window)