Req ID




Req ID:  85256
Function:  IT
Posted:  May 14, 2023

Shanghai, SH, CN, 200040

Sr Information Security Analyst

Cross-Business: Shanghai


Coty is one of the world’s largest beauty companies with an iconic portfolio of brands across fragrance, color cosmetics, skincare, and body care. COTY is the global leader in fragrance and number three in color cosmetics. COTY’s products are sold in over 150 countries around the world. COTY and its brands are committed to a range of social causes as well as seek to minimize its impact on the environment. For additional information about Coty Inc., please visit 



The position of Information Security Analyst will report to the Director of Information Security and is responsible for supporting corporate information security initiatives to ensure the protection of the company’s information assets. The Information Security Analyst will be responsible for performing regular operational security functions, ongoing compliance-related activities, and conduction security assessments across various technologies. This position will serve as a project member on multiple projects simultaneously and will interact regularly with technical subject matter experts.

The ideal candidate will hold a Bachelor’s of Science degree in Information Security and have at least 4 years of experience in a Security or Technology role. The candidate must possess a strong understanding of the role of Information Security Policies and Standards and a strong understanding of vulnerability management including penetration testing, and risk frameworks.




  • Execution of information security reviews against infrastructure, applications, and vendor services (cloud platforms).
  • Vulnerability identification and remediation
  • Execution of security root cause analysis and forensics as part of the enterprise’s Cyber Incident Response Plan.
  • IT compliance monitoring and issue lifecycle reporting.
  • Familiarity with Chinese Cybersecurity Law
  • Support multiple Information security projects, including Administrator Activity Monitoring, Security Event and Incident Management, and General Security Administration.
  • Support the Global Privileged Access Entitlement Review Process.
  • Coordinate activities of vendors performing penetration tests.
  • Participation in various programs and initiatives supporting the further implementation of the company’s Information Security Policies and Standards.



  • Strong foundation in information technology and information security principles.
  • Strong knowledge of current security threats, techniques, and landscape, as well as a dedicated and self-driven desire to research current information security landscape.
  • Experience in threat modeling to identify risks posed by new technologies or implementations.
  • Familiarity with forensic tools used as part of security event investigations.
  • Possession of or ability to obtain professional certifications in information security or risk management, such as a CISSP, CEH, CISM or CRISC.
  • Basic knowledge of security and control frameworks, such as NIST CSF, ISO27001/2, COBIT, ITIL, and CIS.
  • Interpersonal and collaborative skills and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
  • Innovative, creative, curious and passionate about security and information technology.
  • High degree of initiative, dependability and ability to work with little supervision.
  • Proficiency in Office365 tools and collaboration technologies.
  • Ability to formulate a clear and actionable plan and execute against it.



This is a unique role with a genuine opportunity to make an impact. You’ll get to work in a diverse environment with a team who are passionate about the work they do and know how to have some fun along the way.  



Country/Region:  CN
City:  Shanghai