MANDATORY
・Applicants must have permission to work in Japan
・Applicants must be able to speak fluent ~ native level Japanese (Equivalent to JLPT N1)

☑Foreign business
☑English language required
☑Japanese language required
☑Remote
☑Flex time

[Position]
Application Security Manager

[Company Description]
Global Insurance Company

[Responsibilities]
Position Summary
This position as Application Security Engineer's purpose is to:

• Implement a segregation of duties within security where the Security & Governance CoE is accountable, and the AppSecEng Chapter is co-responsible of execution with the squad members
• Control what is asked of our squads and ensure proper goals and exit criteria are defined, then define the how (process) to execute the activity efficiently with the squads while meeting the what expected by the CoE
• Work closer to the squads to educate and support them more effectively with an AppSecEng allocated to each squad
• Improve efficiency and awareness of the squads regarding security matters (educators rather than security cops)

The Application Security Engineer goal is to support the different teams implement a complete, efficient and painless Security standards while guaranteeing the highest possible Security level to the company and its customers. The role involves the definition of the processes (the how) and their execution support by the teams: the right candidate will support the team, teach them with the goal to not be needed anymore for that activity and let the team be self-sufficient. Continuous improvement of the processes is expected, to make things simpler, faster, painless.

Also, we aim at improving its Identity management by ensuring procedures exists for all applications onboarding/offboarding of users, but also streamlining the process through standardized applications. The IAM coordinator will drive the activity from the Application Engineering side, supporting and ensuring that all our apps use the new system by end of 2024.

Key Accountabilities
Security

• Build and manage multi-disciplined engineering teams and oversee the development processes using industry best practices
• Educate squads on Security matters (it's an educator role, not a security cop role)
• Control that what is asked from squads is well defined (what: scope, when: achievable timeline, how: process, closure condition: exit criteria)
• Defend the squad produced documents during spot checks
• Not do the security work instead of the squads but ensure that it's done, done right, done on time and understood by squads.
• Strive to make oneself and one's team expendable by raising Security awareness within every squad
• Continuous improvement of the Security process, to make them more seamless, failsafe, faster and easier to grasp for everyone
• Strive to continuously improve the Security level of our applications
• Manage multiple tasks and responsibilities in high-pressure environments; excelling at pinpointing and resolving problems in early project stages to avoid cost/time expenses
• Build upon the existing implementation of our NWOW, maturing SDLC methodologies and practices across the organization
• Work closely with squads, POs, and stakeholders to ensure delivery of product

IAM

• Participate in the project meetings and report on status
• Drive the cleanup of existing AD/ID groups
• Define the governance and procedures around proper IAM in the new topology and promote buy-in from the business.
• Provide oversight of project management to ensure continuous improvement of processes
• Negotiate and collaborate with leadership and engineers to define the technical how-to-implement solutions and testing
• Create and maintain the documentation for the engineers on how to execute their migration to the new IAM topology
• Communicate, train and support the executing engineers (coordination, finding the right person to help, etc.)
• Report on migration status of engineers
• Overseeing and reviewing appropriate access through the right security framework.
• Improves the efficiency and effectiveness of access management throughout the business with security in mind.

[Requirements]

• At least 5 years of experience in the IT Information Security, IT Audit or Information Risk Management function
• Possession of an industry security certification similar or comparable to (CompTIA Security+, CISSP)
• Technical IT knowledge, especially in network architecture/security. Implementation level knowledge for solutions like Splunk, Tenable or similar
• Cloud Security knowledge (Microsoft Azure preferred)
• Specialized, deep knowledge of security and compliance policies and procedures: why and how
• Efficient process creation and execution
• Basics of Agile
• Extensive experience supporting Security for an IT company
• Ability to understand functional interdependencies and identify and resolve structural issues within the organization
• Business level English and Japanese

Language Requirement

• English Language level: Business level
• Japanese Language level: Fluent - Native Level (Equivalent to JLPT N1)
• Work permission in Japan required

[Salary]
8-10 million JPY

[Welfare]
Social insurance, Financial savings schemes, Retirement allowance system, Health management support (medical check-ups, stress checks), Flextime system, Work-from-home system

[Holidays]
Full 2 holiday week system (Sat/Sun) national holidays, New year's holiday, Annual Leave, Refresh leave, Maternity and childcare leave

Please click "apply" if you are interested in the job.
We will review your profile and contact you within five business days should we find that you satisfy the requirements of the hiring company.
Further details about the company and position will be notified at a later date.

Reference: JO-2301-477595
#LI-REMOTE
Seniority Level: Mid-Senior level
Job Function: Information Technology