IT Risk & Security Department Manager

Job Type
14,000,000 JPY - 16,000,000 JPY per year (negotiable based on experience)
Japanese Level
Advanced (JLPT Level 1)
English Level
Advanced (TOEIC 860)
Start Date


A globally leading life insurance company is looking for an IT manager to head its IT Risk & Security Dept (ITRS) in Japan. You will lead a wide range of security work and engage with cutting-edge cyber security. This position requires regional and global interaction, since the company is driving globally aligned, best-in-class security initiatives. As a member of the IT Risk Management Sub-Committee, the head of ITRS is expected to interact with and influence local senior management to plan and drive security strategy. You will also be in charge of managing and maintaining compliance with local regulatory requirements for IT risks.



‐Responsible for the planning, design, and enforcement of security policies and procedures which safeguard the integrity of and access to enterprise systems, files and data elements

‐Responsible for critical processes with high visibility to senior management

‐Establish guidance for compliance with information security policy and governmental laws or regulations; work with industry experts to stay abreast of latest changes and new developments affecting compliance policy or guidance

‐Review key compliance metrics to identify and report progress and to target training or resources to areas in need of remediation

‐Provide risk assessment guidance to enterprise

‐Identify enterprise risk reduction strategies

‐Oversee ongoing research into emerging information systems technology and governmental laws and regulations to anticipate and plan for security measures or guidance for regulatory compliance which may be required

‐Assist in the selection and tailoring of approaches, methods and tools to support IT Security service offering or industry projects

‐Build and nurture positive working relationships with senior management

‐Interface with the Privacy Office to assist in compliance with new regulations regarding protecting the privacy of customer data

‐Manage the budget for the IT Security team and provide regular updates to management. Monthly budget-against-forecast reports are generated and provided to management with explanations of any significant variances to budget.

‐Full people management responsibility, including hiring, firing, promotions, performance and compensation, and training and development.

‐Attract and develop talent to enhance the team’s effectiveness

‐FSA / FISC-based periodic system risk assessment of all business applications and critical infrastructure, including cloud computing, mobile devices and EUCs.

‐As secretariat and a member of the IT Risk Management Sub-Committee, lead company-wide information security and report the risks to the senior management IT SOX

‐Maintain / foster regulatory relations in IT risks

‐Lead company-wide supplier information security inspection

‐Design and lead security monitoring over email / network / servers / various endpoint devices for cyber security / fraud detection / internal control

‐Identity and Access Management for employees & non-employees

‐Responsible for corporate-wide cyber security as head of CIRT (Cyber Incident Response Team)

‐Lead cross-industry interaction / information gathering, especially on vulnerabilities / cyber security threats

‐Lead globally aligned and cross-industry cyber incident response exercises

Required Skills

‐Bachelor’s degree in Computer Science or related technical field required; advanced degree and/or relevant certifications preferred

‐Experience in IT security, audit, compliance, or related consulting

‐Experience managing security, auditing, compliance projects and/or processes

‐Management experience at a large financial-industry company, preferably in Japan

‐In-depth knowledge of FSA / FISC standards

‐Firsthand experience in direct communication with the local regulator. Experience as lead for IT risks in the FSA inspection highly desired

‐Comprehensive understanding of cutting-edge cyber security. Highly capable of understanding cyber risks as well as leading company-wide cyber incident response

‐Knowledge of and experience in IT disaster recovery for system troubles and natural disasters, and associated recovery strategies

‐A high degree of knowledge in IT Security and controls and/or related legislation and mandates

‐Excellent presentation skills (both verbal and written) to explain security and risks in the vocabulary of senior business leaders

‐The ability to interface with diverse groups including technical specialists and senior IT and Business management

‐Relevant industry security, audit, and compliance certifications such as CISA, SANS, or CISSP desired

‐Highly motivated and robust under the pressure of a fast-moving business culture

‐Overseas working experience or experience managing a multinational / multicultural team desired