A Japanese leading financial service company is looking for an experienced Technical Expert (Training and Awareness) in its Tokyo, office. The successful candidate will be working at the IT security Architecture and technical team at their group Security Control Department. The team needs to deliver three main tasks as below.
The Training and Awareness Manager role sits inside the Architecture and Technical Leadership function whose role is to develop new capabilities globally for information security. As the technical lead for an area that exists as a Global Shared Service, the expectations of the role also extends to the deployment and evolution of the training capability and standard tooling. This includes being the primary technical expert in driving further integration of the globally standard tooling and ensuring the correct integration and ongoing operation of the tooling.
The Training and Awareness Manager will be responsible for overseeing the information security training program across globally. This will involve overseeing the ongoing deployment and adoption of a standardized training platform as well as the process behind it.
- Manage the toolset to drive the execution of the training programs.
- Ensure key PKIs with regards to training are met.
- Ensure that the toolset is generating the expected visibility on the level of information security awareness
- Create a global visibility of security awareness and understanding
- Manage the communication of the results and expected remediation tasks with the respective technical teams in each business across in their group
- Manage the overall improvement of security awareness among employees to ensure we maintain a “tolerable risk” profile
- Integrate awareness programs that exist in established businesses with the global toolset/approach to deliver a unified approach to awareness training for employees.
- Partner with businesses to create tactical remediation plans.
- Advise and guide the overall information security training and awareness activity
Whereas platform management of the awareness toolset itself will be the responsibility of the shared service or specific business, the training and awareness manager is expected to leverage the use of this tool to deliver the outcomes noted.
Note that this role is NOT designated to simply identifying gaps in the information security awareness of their employees. Rather, to coordinate a sustained program of activity to identify, categorize, report and oversee improvements in awareness.
The role of the Training and Awareness Manager will be to tune the scope and nature of regular assessments in order to identify whether or not gaps exist in their information security awareness in the face of the evolving nature of threats (e.g. phishing attempts). Once new threats are identified, to evaluate their impact, assign remedial training and track the progress of the awareness improvement itself (including reporting on specific and overall performance towards this goal).
【Duties and Responsibilities】
- Work under the direction of the Director of Architecture and Technical Leadership
- Manage effective working relationships with all stakeholders and customer organizations
- Ensure flexible, efficient and cost-effective training and awareness strategies are defined
- Engaging various teams locally and abroad, ensuring collaboration towards training and awareness programs and campaigns (these include regular training exercises as well as phishing drills)
- Act as a subject matter expert on matters identified in the awareness training and phishing drills and provide practical and effective treatment options. Be capable of engaging HR and general team managers to explain these measures
- Work closely with the training and phishing tool operators to give them guidance to what is expected as well as support the creation of content for training and phishing exercises (or guide 3rd parties doing so, where applicable)
- Be capable of creating functional reports to foster understanding of the situation as well as help drive meaningful change
- Understand how to leverage 3rd party expertise on areas where the individual is not an expert while presenting and owning the holistic solution (one point of accountability for information security training and awareness management)
【会社概要 | Company Details】
Founded as a leasing company, a major Japanese financial services company that is constantly growing, creating new value and new markets through finance and services.
【就業時間 | Working Hours】
9:00 - 18:00（Mon - Fri）
【休日休暇 | Holidays】
Saturday, Sunday, and National Holidays, Year-end and New Year Holidays, Paid Holidays, Other Special Holidays
【待遇・福利厚生 | Services / Benefits】
Social insurance, Commuting allowance, No indoor smoking (designated smoking area) etc.
- Experience with training and awareness technologies
- Experience in creating content relevant to security training and awareness programs
- Experience running phishing campaigns.
- Experience creating and running training and awareness programs
- A practical approach to security whereby both the technical objectives as well as the functional and economic impacts are considered towards effective outcomes
- Good communication skills (written and verbal) to be capable of engaging both technical and operational staff and vendors in explaining findings and required actions
- Security Certifications well regarded: GIAC, CEH, CompTIA Securityy+, CISSP, CISA, CISM, CREST, SABSA and CSA.