Information Security Risk Analyst

Job Type
7,000,000 JPY - 11,000,000 JPY per year
Japanese Level
English Level
Advanced (TOEIC 860)
Start Date


A large global life insurance company is hiring an Information Security Risk Analyst to ensure that the company's business information assets have an appropriate level of protection, in keeping with Group Standards and the company's particular risk profile. You will support vulnerability management (dynamic and static scans and subsequent remediation) and support the development, maintenance and update of the Information Security Architecture.


【Key Accountabilities】

Support delivery of the yearly company information risk countermeasure and associated improvement plan:

‐Conduct Business Risk Analysis with Application Owners and build its improvement plan

‐Deliver Information Security projects

‐Monitor the security risk exposure and provide comprehensive reports to Management and Group


Execute Security improvement projects from a business point of view:

‐Design and implement tools and processes for Information Security

‐Monitor and report on delivery of Information Security requirements

‐Initiate risk reduction projects or Security Improvement projects

‐Analyze local-specific threats, FSA and compliance items

‐Review reports on interviews with information owners or Application Owners


Support Vulnerability, Cyber Resiliency and Security Incident Management:

‐Arrange Penetration Test and subsequent remediation

‐Support WAF implementation

‐Respond to security incidents

‐Support Cyber resiliency


Review all business projects or main gaps and ensure security compliance:

‐Draft the results of review meetings and security comments with recommended solutions


Control Japan vendors:

‐Conduct third-party vendor security inspections

‐Produce reports and suggestions to mitigate risks

Required Skills

‐Understanding of OWASP Top 10

‐System development background

‐System operation experience

‐Information technology experience, including security systems

Preferred Skills

‐Security-related license (e.g. CISSP, CISM)

‐Knowledge of infrastructure and application security