Summary of Responsibilities:
As country head of the IT Risk & Security Dept (ITRS) at one of the leading life insurance companies, with a large number of local employees in Japan, this position leads a wide range of security, including cutting-edge cyber security.
This position also requires massive Asia regional and global interaction, as we are driving globally aligned, best-in-class security initiatives. In addition, as a member of the IT Risk Management Sub-Committee, the head of ITRS is expected to interact with and influence local senior management to plan and drive our security strategy. The head of ITRS is also in charge of managing and maintaining compliance with the local regulatory requirements for IT risks and interacts directly with the regulator in the case of mandatory inspections, etc.
- Responsible for the planning, design, enforcement of security policies and procedures which safeguard the integrity of and access to enterprise systems, files and data elements.
- Responsible for critical processes with high visibility to senior management.
- Establish guidance for compliance with information security policy and governmental laws or regulations; work with industry experts to stay abreast of latest changes and new developments affecting compliance policy or guidance.
- Review key compliance metrics to identify and report progress and to target training or resources to areas in need of remediation.
- Provide risk assessment guidance to the enterprise.
- Identifies enterprise risk reduction strategies.
- Oversees ongoing research into emerging information systems technology and governmental laws and regulations to anticipate and plan for security measures or guidance for regulatory compliance which may be required
- Assist in the selection and tailoring of approaches, methods and tools to support IT Security service offering or industry projects
- Build and nurture positive working relationships with senior management with the intention to exceed expectations
- Interface with the Privacy Office to assist in compliance with new regulations regarding protecting the privacy of customer data
- Manages budget for IT Security team and provides regular updates to management. Monthly budget against forecast reports are generated and provided to management with explanations of any significant variances to budget.
- Full people management responsibility, including hiring, firing, promotions, performance and compensation, and training and development.
- Attracts and develops talent to enhance the team’s effectiveness
- FSA / FISC-based periodic system risk assessment of all business applications and critical infrastructure, including cloud computing, mobile devices and EUCs.
- As secretariat and a member of the IT Risk Management Sub-Committee, lead company-wide information security and report the risks to the senior management IT SOX
- Maintain / foster regulatory relations in IT risks
- Lead company-wide supplier information security inspection
- Design and lead security monitoring over email / network / servers / various endpoint devices for cyber security / fraud detection / internal control
- Identity and Access Management for employees & non-employees
- Responsible for corporate-wide cyber security as head of CIRT (Cyber Incident Response Team)
- Lead cross-industrial interaction / information gathering, especially on vulnerabilities / cyber security threats
- Lead globally aligned and cross industrial cyber incident response exercises
- Bachelor’s degree in Computer Science or related technical field required; advanced degree and/or relevant certifications preferred
- 10-15 years’ experience in IT security, audit, compliance, or related consulting
- 6-8 years direct experience managing security, auditing, compliance projects and/or processes
- Minimum 5 years of management experience in large financial industry, preferably in Japan
- In-depth knowledge of FSA / FISC standards.
- Firsthand experience in direct communication with the local regulator. Experience leading IT risks in an FSA inspection highly desired
- Comprehensive understanding of cutting-edge cyber security. Highly capable of understanding cyber risks as well as leading company-wide cyber incident response
- Knowledge and experience of IT disaster recovery over system troubles, natural disaster and associated recovery strategies
- A high degree of knowledge in IT Security and controls and/or related legislation and mandates
- Excellent people and project management skills
- Strong analytical and problem-solving skills
- Excellent presentation skills (both verbal and written) to demonstrate security and risks using the vocabulary of business seniors.
- The ability to interface with diverse groups including technical specialists and senior IT and Business management.
- Relevant industry Security, audit, and compliance certifications such as CISA, SANS, or CISSP Certifications desired
- Fluent in Japanese & English
- Highly motivated and robust under the pressure of a fast-moving business culture
- Overseas working experience or experience managing a multi-national / multi-cultural team would be desired