Job Description

Welcome to Haleon. We’re a purpose-driven, world-class consumer company putting everyday health in the hands of millions. In just three years since our launch, we’ve grown, evolved and are now entering an exciting new chapter – one filled with bold ambitions and enormous opportunity.

Our trusted portfolio of brands – including Sensodyne®, Panadol®, Advil®, Voltaren®, Theraflu®, Otrivin®, and Centrum® – lead in resilient and growing categories. What sets us apart is our unique blend of deep human understanding and trusted science.

Now it’s time to fully realise the full potential of our business and our people. We do this through our Win as One strategy. It puts our purpose – to deliver better everyday health with humanity – at the heart of everything we do. It unites us, inspires us, and challenges us to be better every day, driven by our agile, performance-focused culture.

Senior InfoSec Advisor, China

Serve as Haleon China’s cybersecurity and information security accountable leader, responsible for cybersecurity governance, privacy protection, data security compliance, regulatory engagement, and cyber risk management across all China operations.

• Act as Haleon China’s designated Cybersecurity Officer and primary accountable person for enterprise information security. Represent Haleon China during regulatory inspections, audits and cybersecurity reviews.

• Lead organization Cybersecurity and Data Protection strategies and its subsidiaries, work collaboratively across multiple teams to build security framework in technology and business process.

• Ensure compliance with Cybersecurity Law, Data Security Law (DSL), Personal Information Protection Law (PIPL) and related regulations.

• Lead cybersecurity governance, risk management, security operations and compliance programs.

• Lead incident response, cyber crisis management and regulatory notification activities.

• Assist with the overall business technology planning, providing current knowledge and future vision of technology & systems. Projects coverage areas in the field of Cloud/Application/Infra Security, Regulatory Compliance, Information Security Governance, IAM/DLP/Threat Management

• Manage third-party security, supplier risk and security due diligence activities.
• Develop cybersecurity awareness and security culture programs. Partner with business stakeholders to raise awareness of risk management concerns

Main Task

Security Strategy:

• Drive, implement and continuously monitor Cybersecurity and Data Privacy policies to be in line with group regulatory security framework and applicable law.
• Manage and lead technology risk function to ensure business initiatives and operation changes are deployed in a secure manner.
• Create security metrics to keep top management up with transparency over the state of Cybersecurity and Data Privacy.

Cybersecurity Compliance

• Act as the primary point of contact for cybersecurity, data protection and regulatory matters in China.
• Ensure Haleon China’s business operations, application development and network infrastructure comply with all applicable local laws and regulations.

System Security:

• Manage system security throughout Digital China system development lifecycle, including define security requirement, perform threat modelling and conduct penetration testing.
• Lead the cybersecurity assessment on local applications based on Cyber Security Law (CSL) and related requirements, including Multi-Level Protection Scheme (MLPS) requirements, digital license, etc. and be responsible for MLPS assessment and certification.

ISMS:

• Provide Information Security and Data Protection trainings to ensure an adequate security awareness and maturity level in all business departments.
• Establish the framework of document management in respect of the manner, location and time frame for retaining and destroying documents according to the regularity and cost-effectiveness.
• Establish data and security incident management procedure. Investigate data breach incident and report to top management in a timely manner.

Vendor Security Management:

• Safeguard company data in vendor in partnership with legal and procurement function by reviewing contract and performing vendor security audit.

Basic Requirements:

• Computer Science or Business Administration with additional IT education
• Laws and regulations on data security and privacy (CSL, GDPR, etc.), COBIT, SOX
• Leadership and stakeholder management, have had experience in delivering large scale security initiatives where various stakeholders (internal & external) are involved
• Innovative thinking with an ability to lead and motivate cross-functional, interdisciplinary teams

Related Working Experience:

• >10 years of demonstrated working experience in Information Security and/or related functions (e.g. Information Technology, Data Protection)
• >5 years of leadership experience and good managerial skills in managing a diverse workforce. Strong Project Management skills.
• Relevant experience in a multi-cultural work environment fostering a climate of team work and collaboration
• Excellent in-depth knowledge in Network Security, Cloud Security, Endpoint Security, Identity and Access Management
• Excellent in-depth knowledge of ISO27001/2, COBIT, ITIL , MLPS and NIST Cyber Security frameworks
• Ability to develop cooperative and constructive working relationships, to handle complaints, settle disputes and resolve conflicts and negotiate with others
• Collaborative team player orientation towards work relationships, strong culture awareness. Effectiveness in building trust, respect and cooperation among teams
• Professional certifications a plus (CISSP, CRISC, CISA, CISM or equivalent)
• Data Protection and/or Privacy certification such as, CIPP, CIPT, ISEB, etc., is a plus.

Job Posting End Date

2026-07-23

Equal Opportunities

Haleon are committed to mobilising our purpose in a way that represents the diverse consumers and communities who rely on our brands every day. It guides us in creating an inclusive culture, where different backgrounds and views are valued and respected – all in support of understanding and best serving the needs of our consumers and unleashing the full potential of our people. It’s important to us that Haleon is a place where all our employees feel they truly belong.

During the application process, we may ask you to share some personal information, which is entirely voluntary. This information ensures we meet certain regulatory and reporting obligations and supports the development, refinement, and execution of our inclusion and belonging programmes that are open to all Haleon employees.

The personal information you provide will be kept confidential, used only for legitimate business purposes, and will never be used in making any employment decisions, including hiring decisions.

Adjustment or Accommodations Request

If you require a reasonable adjustment or accommodation or other assistance to apply for a job at Haleon at any stage of the application process, please let your recruiter know by providing them with a description of specific adjustments you are requesting. We’ll provide all reasonable adjustments to support you throughout the recruitment process and treat all information you provide us in confidence.

Note to candidates

The Haleon recruitment team will contact you using a Haleon email account (@haleon.com). If you are not sure whether the email you received is from Haleon, please get in touch.