IT Risk & Control Specialist (SOX / FA Audit)

Job Type
500,000 JPY - 680,000 JPY per month
Japanese Level
English Level
Advanced (TOEIC 860)
Start Date


A leading Japanese finance group is seeking a bilingual IT Risk & Control consultant with experience in a finance or consulting firm to coordinate activities for Japan SOX and audits.

Team overview: IT Risk & Control defines and oversees the technology governance and control framework for technology development and operational activities.


【Objectives of the team】
‐ Establish, maintain and operate a robust IT Risk Management Framework within the firm-wide Enterprise Risk Management (ERM) framework.
‐ Measure risk exposure through risk management reference and operational data, and assist IT Management in establishing its risk tolerances through KRI thresholds and a risk acceptance process.
‐ Advise Technology Management on governance, risk and control best practice.
‐ Liaise with other internal governance authorities, i.e. Internal Audit, Operational Risk Management, Compliance, Legal, and Regulatory Affairs, ensuring that their requirements are communicated to Technology and taken into account when considering risk exposure and response.


‐ Support testing of Japan SOX controls, which requires close coordination with Internal and External Audit teams, to confirm the operational effectiveness of IT controls across SOX/FA in-scope applications.
‐ Collaborate and communicate with Internal Auditors, External Auditors and the relevant application support teams per the audit requirement.
‐ Gather evidence and validate adherence to key controls such as IT general controls, IT application access controls, etc., thereby helping to identify the risks and assisting the technology team in identifying mitigating actions.
‐ Undertake regular assessments to ensure controls, policies and procedures are adhered to.
‐ Create reports for management meetings / regulatory requirements.
‐ Assist with other Asia Pacific IT Risk and Control initiatives, including Vendor Risk Management and Disaster Recovery Management.
‐ Identify and present process improvement opportunities to further streamline the processes as required.
‐ Understand and stay abreast of the changing regulatory environment





Required Skills

‐ Experience in IT Risk & Control, IT Risk Management, or IT Audit (preferably in financial services or consulting firms)
‐ Professional qualification
‐ Project management and strong analytical skills
‐ Experience in leading and coordinating meetings
‐ Strong communication skills
‐ Experience in performing risk assessments
‐ Management of a Governance, Risk and Compliance tool
‐ MS Office skills
‐ Excel macro skills




Preferred Skills

‐ Relevant qualifications, including CISA, CISM or other IT governance, risk, or audit professional qualifications
‐ IT General Control / IT Risk management experience in Agile or DevOps
‐ SharePoint
‐ ServiceNow


