- We are looking for an IT Risk Governance Professional for a leading life insurance company based in Tokyo.
- You will be expected to play a critical role as an IT Risk Governance Analyst to protect the confidentiality, integrity, and availability of the company’s and customer’s information.
- Expect to do hands-on work on daily activities and also to propose solutions for improvement initiatives.
- Expect to promote our Information Security programs by working closely within the IT organization and with other control functions as well as related businesses.
This position serves the following critical functions in the Information Security Group. For each aspect, the key points are to assess, respond and drive improvement from the risk management perspective.
- Conduct reviews and provide advice from the risk perspective to compile proper regulatory communication with the Financial Services Agency (FSA) regarding security and system incidents.
- Conduct and support the maintenance of policy, procedures and manuals related to the Information Security area.
- Respond to questionnaires on information security from group insurance customers and/or bank customers.
- Conduct and support IT risk finding management (i.e. promoting and supporting the registration of IT risk findings, monitoring remediation progress of IT risk findings, preparing and maintaining relevant metrics and reports for stakeholders, etc.).
- Conduct self-assessment against the Technical Safety Management Measures of PIPA (Personal Information Protection Act) and address gap items, if any.
- Communicate, liaise and work proactively with local and global counterparts to execute activities related to Information Security areas.
- Respond to regulatory changes or industry-wide trends relating to Information Security, and analyze their implications or the measures to be taken as necessary.
- Minimum of 4 years of hands-on experience in an Information Security related field.
- Native or equivalent level of Japanese and intermediate level of English proficiency.
- Ability to prepare accurate reports for all levels of staff in appropriate, clear language and to give oral presentations.
- Willingness to learn new things in technology and information security.
- Interest in broader risk management areas such as IT security, third-party risk and emerging tech risk management.
- Experience or interest in the financial industry, particularly life insurance.
- Familiar with regulatory/industry standards (NIST CSF, PCI DSS, FISC).