※Applicants must have permission to work in Japan and required fluent ~ native level Japanese.
We are looking to hire a Sr. Analyst/Manager in our Security team located in our Tokyo Office. The team is responsible for the execution, facilitation and management of Security GRC certification programs across the company that our customers depend on. The role will be heavily focused on evaluating technology controls, supporting audits for the companies certification programs and acting as a compliance subject matter expert to the business. The manager will locate in Tokyo, Japan and work remotely with global Security team to support a variety of external audits and evaluations, mainly focused on Japan regional programs such as ISMAP audit.
- Plan, Coordinate and execute work assignments with process/control owners and external auditors
- Direct and perform controls testing, document results, and provide updates to the Security management, and internal stakeholders
- Manage the timely and high-quality execution of certification programs.
- Advise process/control owners with the preparation and on-going maintenance of controls and control documentation (e.g., policies, procedures, narratives, and matrices)
- Proactively identify gaps or conflicts in existing processes and work to develop solutions with internal business partners.
- Assist with and drive remediation of control deficiencies and gaps identified internally and externally
- Educate and train process/control owners so they better understand the security controls framework and their responsibilities
- Evaluate and advise on new and evolving certification programs and technology.
- Build strong relationships with business partners and facilitate continuous improvement aligned with operational processes.
- Effectively communicate program execution status, key accomplishments, and risks to senior management both within Security and to our business partners.
- Partner with other leaders within Security to collaborate and support both process maturity and staff development.
- Build and maintain relationships with regional stakeholders both internal and external and keep up to speed on regional business needs and regional market trends.
- Able not only to manage projects but also to perform hands-on detail tasks
- In-Depth technical background with a good understanding of security concepts and practical usage
- Knowledge of, or experience working with, Cloud technologies/environments, including evaluating and implementing controls on Infrastructure as a Service (IaaS) services, is a plus
- Excellent written and verbal communication skills; ability to effectively communicate across all levels of the Company
- Analytical thinker with strong organizational skills; attention to detail is a must
- Prior experience in a compliance and regulatory environment related to security and privacy including security compliance standards across industries and geographies such as ISO 27001, SOC, PCI, and other regional programs such as CS Mark, PrivacyMark is desired
- Experience building compliance certification programs, such as ISO 27001, SOC, PCI and other regional programs such as CS Mark, PrivacyMark, ISMAP
- Ability to work efficiently with minimal oversight/direction remotely
- Experience managing a project with multiple team members and staff across the globe is a plus
- Possess a "whatever it takes to get the job done" mentality (i.e., pick up the phone, stop by a desk, follow-up multiple times)
- Flexibility in daily hours (i.e., willingness to work longer hours during peak periods in audit cycles, have calls outside office hours with people in other regions)
- 5+ years of security experience or IT audit
- Strong cross team collaboration skills
- Relevant BA/BS degree and/or certifications (CRISC, CISSP, CCIE, CISM, CISA, CCSK)
- Ability to travel up to 20%
- Fluent in both Japanese and English (written and verbal communication
※Experiences and skills will be considered
Please click "apply" if you are interested in the job.
We will review your profile and contact you within five business days should we find that you satisfy the requirements of the hiring company.
Further details about the company and position will be notified at a later date.