- 〜 1000万円
- Under the general direction of the “Head of IT Security”, the “Senior Information Security Officer” is responsible for the enhancement and delivery of a comprehensive security and privacy program for ****. The scope of this program is company-wide and includes information in electronic, print and other formats. The purpose of this program include： to assure that information created, acquired or maintained by ****and its authorised users, is used in accordance with its intended purpose; to protect ****information and its infrastructure from external or internal threats; and to assure that **** complies with statutory and regulatory requirements regarding information access, security and privacy.
POSITION DUTIES, RESPONSIBILITIES AND COMPETENCIES
Coordinate the development of **** information security policies, standards and procedures. With key IT owners, data custodians and governance groups in the development of such policies. Ensure that **** Japan policies support compliance with external requirements, and head office. Oversee the dissemination of policies, standards and procedures to the ****community.
Monitoring of Security,Measurements,Enforcements
Ensure the safety of informational assets from threats both external and internal by monitoring the enforcement of technical and procedure measurements
Education and Training
Coordinate the development and delivery of an education and training program on information security and privacy matters for employees, other authorised users.
Compliance and Enforcement
Serve as the **** compliance officer with respect to both head office and local security policies and regulations. Work with **** enterprise operational risk management where necessary. Prepare and submit required reports to external agencies where required.
Follow and improve existing Incident Reporting procedures, both for security incidents, and any alleged policy violations or potential complains from external parties. Serve as the official **** contact point for information security, privacy and any potential relationship with law enforcement agencies.
Risk Assessment and Incident Prevention
Maintain on-going risk assessment program targeting information security and privacy matters; recommend methods for improved vulnerability detection and remediation, and oversee and advise on vulnerability testing.
Act as the “Head Of IT Securities” designee representing **** on Information Security matters; serve as a contact point for external auditors and agencies, survey requests, etc. on security/privacy matters.
Keep abreast of latest security and privacy legislation, regulations advisories, alerts and vulnerabilities pertaining to **** and its overall mission.
- The emphasis of this position is on policy development, administration and compliance/incident response activities, and technical knowledge. Candidates with less technical/policy knowledge will be considered when there is competing knowledge in other related areas. Help will be provided on job for any candidates that lack related knowledge but have other redeemable qualities.
University degree or similar discipline required. Security certifications preferred but not essential. Minimum TOEIC level of 500 required.
Minimum five years of experience in information security, information technology or related field; experience in developing and administering an information security program desirable. Working experience of and experience in the policy and regulatory environment of information security, especially in the insurance industry is desirable. Excellent project management, written and oral communication skills desired; ability to work collaboratively with a broad range of constituencies essential. A demonstrate ability to work with a diverse group of people is required.