#Security Director, SOC and Reporting

Job Type
Permanent
Salary
Based on Experience
Japanese Level
Advanced (JLPT Level 1)
English Level
Advanced (TOEIC 860)
Start Date
ASAP
Location
Tokyo

Description

A Japanese leading financial service company is looking for an experienced SOC and Reporting Manager in Tokyo, office.

The successful candidate will lead at management of shared service team at their group Security Control Department. The team need to deliver two main tasks as below.

 

  1. Security operations and reporting
  2. Threat Intelligence

The SOC and Reporting Director role is the head of the SOC and Reporting function whose role is to oversee the effective operation of security controls. Most of this effort is towards the actual operation of shared security capabilities delivered through centrally run services. These are centered around vulnerability management, asset management, logging & monitoring and awareness training.

The SOC and Reporting Director will be responsible for the oversight of the operational services as well as developing new services and extending the existing ones. This involves work within both the security team as well as with the broader IT teams inside the corporate function as well as in the businesses themselves.

 

【Responsibilities】

- Lead the overall function and own the KPIs representing the effective and efficient operation of the security shared services

- Provide leadership and mentorship to the team of technical experts representing the wide cross section of security expertise required to run the various shared service capabilities.

- Provide leadership towards the further deployment of the shared services to new businesses.

- Lead overall objectives to create a roadmap to implement meaningful security improvements leveraging the shared security services.

- Provide operational leadership with regards to the onboarding of shared security services to address security deficiencies within each business unit

- Provide guidance towards the remediation of security issues in externally hosted IT services. This includes PaaS, IaaS and SaaS services. The services could be security controls themselves delivered through externally hosted parties (e.g. hosted vulnerability management or managed SOC, etc…)

- Be accountable for the augmentation of the security shared services with externally provided capabilities and ensure the overall resulting services is consistent and seamless to the internal their business customers.

- Support the Architecture and Technical Director to develop the service model (including financial model) for the security shared services

- Be accountable for the oversight to ongoing quality control and financial management of the delivery of shared security services.

- Lead the incident investigation process where events are determined to require further investigation.

- Oversee externally contracted penetration testing experts to further investigate security events identified by the logging and monitoring or vulnerability management toolsets.

 

[Essential Duties and Responsibilities]

- Work under the direction of the their Group CISO

- Manage effective working relationships with all stakeholders and customer organizations

- Ensure flexible, efficient and cost-effective strategies are defined

- Ensure effective team working relationships within all areas of the IT group

- Engaging various teams locally and abroad, effectively adopt the required security controls into their cloud-based IT endeavors

- Act as the overall security operations information security leader. Be capable of engaging information asset owners as well as technology managers to explain and onboard businesses and key functional units throughout them

- Work closely with the Architecture and Technical Director as well as the Director of Execution and Quality Assurance to facilitate security improvements throughout them

- Shape the creation of functional reports to foster understanding of their security posture as well as help drive meaningful change

- Oversee the engagement of 3rd party expertise to complement / augment their staff

 

日系大手金融サービス企業が、東京オフィスで経験豊富なSOC & レポーティング・ディレクターを募集しています。

 

このポジションは、同社グループのセキュリティコントロール部門のシェアードサービスチームの管理をリードします。

チームは、以下の2つの主要なタスクを提供する必要があります。

- セキュリティオペレーションとレポーティング
- 脅威のインテリジェンス

 

SOC & レポーティングディレクターは、SOCおよびレポーティング機能の責任者であり、セキュリティコントロールの効果的な運用を監督する役割を担っています。この役割のほとんどは、中央で運営されるサービスを通じて提供される共有セキュリティ機能の実際の運用に向けて行われます。これらは、脆弱性管理、資産管理、ログとモニタリング、意識向上トレーニングを中心としています。

 

【主な業務内容】

- グループCISOの指示の下、業務を遂行する

- すべてのステークホルダーおよび顧客組織との効果的な関係を構築する

- 柔軟性、効率性、費用対効果に優れた戦略の策定

- ITグループのすべてのエリアで、効果的なチームワークを確保する

- 国内外の様々なチームを巻き込み、クラウドベースのITに必要なセキュリティコントロールを効果的に導入する

- セキュリティオペレーション全体の情報セキュリティリーダーとしての役割を果たす。情報資産所有者や技術管理者を巻き込んで、ビジネスや主要な機能単位を説明し、それら全体に乗り入れることができること

- アーキテクチャ・テクニカルディレクター、実行・品質保証ディレクターと密接に連携し、全体的なセキュリティ改善を促進する

- 機能別レポートを作成し、セキュリティ状況の理解を深め、重要な変化を促進する

- スタッフを補完・増強するためのサードパーティの専門家の関与を監督する

 

 

【会社概要】

リース会社として創業、金融やサービスを通じて、新しい価値、新しいマーケットを作り出し常に成長している日系大手金融サービス企業です。

Founded as a leasing company, one of major Japanese financial services company that is constantly growing, creating new value and new markets through finance and services.

【就業時間】
9:00 - 18:00(Mon - Fri)

 

【休日休暇】       

完全週休2日制(土・日)、祝日、年末年始、有給休暇 など

Saturday, Sunday, Year-end and New Year Holidays, Paid Holidays, Other Special Holidays

 

【福利厚生】          

社会保険完備(健康保険、厚生年金、労災保険)、定期健康診断、雇用保険、屋内原則禁煙(屋外に喫煙所あり)等

Social insurance, Transportation Fee, No smoking indoors allowed (Designated smoking area), etc.

Required Skills

- A clear understanding of security best practices in Japan and internationally with a proven track record of implementing these in businesses globally

- A demonstrated track record of designing, deploying, reviewing and overseeing implementation of security controls into information technology managed internally as well as through 3rd party providers / hosted services.

- Working knowledge of implementing security controls and overseeing their operation in AWS, Azure, etc..

- A strong understanding of cloud-centric security frameworks such those published by NIST (NIST Special Publication 800-144) and the CSA.

- A very strong technical background especially in matters of server, endpoint and network infrastructure configuration.

- Proven track record of running security operations (or running Security Operations Centers) ▪ A practical approach to security whereby both the technical objectives as well as the functional and economic impacts are considered towards effective outcomes

- Highly knowledgeable of business operational processes with regards to change management, operational management and quality control.

- A good understanding of security technology and operational procedures. Experience deploying security tools for logging, anti-virus and data loss prevention would be advantageous.

 

- 日本および国際的なセキュリティのベストプラクティスを明確に理解し、これらをグローバルに展開した実績があること

- 社内で管理されている情報技術に加え、サードパーティのプロバイダーやホストサービスを利用して、セキュリティコントロールの設計、導入、レビュー、導入の監督を行った実績があること

- AWS、Azureなどでのセキュリティコントロールの実装および運用の監督に関する実務知識

- NIST(NIST Special Publication 800-144)やCSAが公開しているような、クラウドを中心としたセキュリティフレームワークを熟知していること

- 特にサーバー、エンドポイント、ネットワークインフラストラクチャの構成に関する事項について、非常に優れた技術的背景を有すること

- セキュリティオペレーションの運営(またはセキュリティオペレーションセンターの運営)の実績があること

- 技術的な目的だけでなく、機能的、経済的な影響の両方を考慮して、効果的な成果につなげることができる、セキュリティに対する実践的なアプローチを持っていること

- 変更管理、運用管理、品質管理に関するビジネス運用プロセスに精通していること

- セキュリティ技術と運用手順をよく理解していること。ロギング、アンチウィルス、データ損失防止のためのセキュリティツールを導入した経験があると有利

 

Preferred Skills