Information Security Officer
The world's leading brand, operating in more than 70 countries and regions around the world. In Japan, the business has grown over the past 8 years and plans to double in size in the next 5 years. It is one of the fastest-growing companies in the industry.
The purpose of the Information Security Officer is to champion key areas of information security governance including information security risk and compliance as well as security awareness and training for the Japanese market.
The Information Security Officer will work closely with the APAC Security Manager to implement, maintain, and mature key aspects of the group security strategy and information security program within the Japanese market as well as advising many exciting technology project implementations, ensuring that the business, financial, policy compliance and technical outcomes are achieved in a secure manner.
This exciting, fast-paced role requires a special individual who is not only at home in the information security governance and compliance space but also has a good understanding of how security technology supports a comprehensive information security program.
Initiate, facilitate and promote activities to create a positive information security culture across the organization, including:
- Group Security Policies and Standards are implemented and known to affected staff
- Risks, threats and vulnerabilities across commerce, store and corporate IT systems are identified and managed
- Vendor security risk reviews are conducted, working with business stakeholders to manage vendor information security risk
- Staff are trained and made aware of security threats, policy and other security topics
- Support the Security Engineer with Security Operations tasks and be the primary contact for Security Incident Response within the Japanese Market.
The primary focus for this role is information security governance, risk, compliance, awareness, and education for Japan. This includes:
- Where required, Group Security Policies, Standards and other processes are translated into Japanese, approved for the local market and affected staff are provided training.
- Information security risks and issues are identified and managed including maintenance of the risk register, and communication and tracking of system vulnerabilities.
- Vendor information security risk reviews are conducted, and security questionnaire templates maintained.
- Information Security Awareness and Education is provided to head office staff and store staff, including the development of training and awareness materials and content.
- Security assessments and reviews are conducted, or where required, support external assessors to test control implementation and effectiveness against Information Security Policy, standards, and external compliance requirements.
- Assist in the analysis of the corporate and store IT environment and recommend opportunities for improvement in the security space.
- Advise business stakeholders and projects to ensure new systems meet the project requirements, applicable risks are considered, and strategies, policy and standards are adhered to.
Secondary to this:
- Participate in, and assist the local Japan Security Engineer and the wider Group Information Security team with security operations including security incident response.
- Assist the Japan Security Engineer to ensure Group Security Technical Controls are implemented and maintained.
- Ensure 3rd party penetration tests and security assessments relevant to the Japanese market are conducted when required.
- Participate in the Group Security Team's out-of-hours on-call roster to respond to security events.
Rewards & Benefits
- Great flexibility (IT team has almost no core time in flex time / Remote work system)
- High salary standard
- Powerful business growth
- Friendly work environment
- Career path to other countries' offices
- Great training system
- Good chance to be promoted quickly
Skills / Experience
- Experience within IT security / information security with at least 3 years in an information security governance, risk, compliance, or audit role.
- Experience implementing, maintaining, or assessing information security governance frameworks/standards such as ISO27001, NIST CSF and PCI-DSS.
- Experience implementing or maintaining an information security awareness program
- Experience developing information security policies and standards
- Broad knowledge of information security working within a large enterprise with a good understanding of supporting technical security controls.
- Industry certifications, for example: CISSP, CISM, CISA, CSRIC, CIPT, CRISC, PCI-P, OSCP
- Working experience within a retail environment including online commerce, supply chain, point of sale.
- Knowledge of privacy law and standards - specifically Act on the Protection of Personal Information (APPI).
- Experience administering and using technical security controls such as Anti-virus, Vulnerability Scanners, SIEM tools to investigate and respond to security incidents and events.
- Experience working in a security operations / Security Incident Response Team
- Broad technical knowledge of networking, server, endpoint technologies.
- Knowledge of or working experience in cloud services, e.g., Microsoft Azure/AWS security features.
To find out more about Computer Futures, please visit www.computerfutures.com
Award winner of:
Great Place to Work 2019 | Growth Company of the Year by TALint Recruitment Awards 2019 | Best IT & Technology Recruitment Company of the Year by Recruitment International Awards 2018