- We are looking for an IT Risk Management Professional for a leading life insurance company based in Tokyo.
- You will be expected to play a critical role as an IT Risk Management Analyst to protect the confidentiality, integrity, and availability of the company’s and customers’ information.
- Expect to provide hands-on work for the daily activities and also propose solutions for improvement initiatives.
- Expect to promote our IT Risk & Security programs by working closely within the IT organization and with other control functions as well as related businesses.
- Conduct IT auditee tasks on IT General Control (ITGC) of US-GAAP (SOX) and J-GAAP external IT audits for Japan in a timely manner (i.e. collect/review relevant documents/evidence to be submitted to external audits, organize several crucial meetings with external auditors as well as interview sessions, cope with several inquiries from users/external auditors, and support IT Groups/Teams on finding remediation/inquiries on SOX compliance, etc.)
- Conduct and support IT risk finding management (i.e. promoting and supporting the registration of IT risk findings, monitoring remediation progress of IT risk findings, preparing and maintaining relevant metrics and reports for stakeholders, etc.)
- Conduct global-based IT technical assessments for Japan based upon the global instructions
- Conduct and support various efforts and IT-related activities for sustaining PCI DSS compliance, including control enhancements based upon upgrades to the standard
- Conduct and support the maintenance of policies, procedures and manuals related to IT Risk & Security areas
- Communicate, liaise and work proactively with local and global counterparts to execute activities related to IT Risk and Governance areas, including the themes above.
- Expect to be familiar with one or more of the following key security domains: Security & Risk Management, Asset Security, Security Architecture & Engineering, Communications & Network Security, Identity & Access Management, Security Assessment & Testing, Security Operations, Software Development Security.
- Respond to regulatory changes or industry-wide trends relating to IT Risk & Security and analyze them for implications or measures to be taken as necessary.
- Minimum of 4 years of hands-on experience in an IT Risk & Security related field.
- Business level English and advanced level Japanese.
- We are looking for someone with any of the following skills who is determined to build a career at a global company:
- Experience as an IT auditee handling US-GAAP IT audits and/or J-GAAP IT audits
- Experience in IT risk finding management
- Experience in IT risk assessment and/or IT technical assessment
- Experience and/or knowledge concerning PCI DSS compliance
- Ability to prepare accurate reports for all levels of staff in appropriately clear language and to give oral presentations.
- Interest in broader risk management areas such as IT security, third-party risk and emerging tech risk management.
- Experience or interest in the financial industry, particularly life insurance.
- Familiar with regulatory/industry standards (NIST CSF, PCI DSS, FISC)
- CISSP, CISM, CISA or similar certification is a plus