Leading Financial service comany is looking for an experienced Security SME, Security Analyst.
The Policy and Standards Analyst role sits inside the Execution and Quality Assurance function whose role is to oversee the delivery of the security transformation program and to provide assurance that it has been delivered as intended. Most of this effort is towards validating the implementation and operation of the shared service capabilities (vulnerability management, asset management, logging & monitoring and awareness training) and other minimum security standard controls.
In the capacity of the Policy and Standards Analyst, you will create and maintain relevant cybersecurity policies and standards. You will work with other members of the team to determine relevant content that needs to be created or modified, consult with subject matter experts to define the content details and then do the actual documentation itself. The function will report to a team manager whom will report to the Director of Transformation who reports to the group CISO.
- Identify all the relevant policy documents and standards that are necessary to support the cybersecurity program
- Track all changes required
- Define any new documents required
- Work with subject matter experts in the team to determine the detailed changes required
- Collaborate with security experts in other their businesses in Japan and overseas to acquire best practices that can be incorporated
- Go about updating the documents in line with subject matter guidance
- Manage the document library
The main overall focus will be the cybersecurity documentation. This includes the process of keeping them up to date as well as the management of the document repository itself
- Work under the direction of the Director of Execution and Quality Assurance
- Manage effective working relationships with all stakeholders and customer organizations ▪ Ensure effective team working relationships within all areas of the IT group.
- Engaging various teams locally and abroad, ensuring collaboration towards information security documentation.
- Act as the single point of contact for all cybersecurity documentation matters
- Manage the repository for cybersecurity documentation so that they can be easily accessible by their staff and kept updated with the required changes.
【会社概要 | Company Details】
A major Japanese financial services company that is constantly growing by creating new value and new markets through finance and services.
【就業時間| Working Hours】
9:00 - 18:00（月 - 金）
【休日休暇 | Holidays】
年間120日 年次有給休暇12～20日 完全週休2日制（土日祝日）年末年始、年次有給休暇、慶弔休暇、公職休暇、産前産後休暇、育児休職（子が満3歳に達するまで）、ボランティア休暇・休職、看護休暇、介護休暇 など
Saturday, Sunday, and National Holidays, Year-end and New Year Holidays, Paid Holidays, Other Special Holidays
【福利厚生 | Services / Benefits】
Social insurance, Transportation Fee, No smoking indoors allowed (Designated smoking area), etc.
- Articulate and clear expression with respect to IT Security related documentation skills
- Solid understanding of cybersecurity concepts in areas of technology, controls, governance, etc.
- Two years’ work experience in an information security position
- Knowledge of security and IT and information security assurance frameworks and reporting standards, such as ISO27001, NIST Cyber Framework, COBIT, ISAE 3402, SOC1, SOC2
- Nice to have relevant background and certifications are Certified IT auditor (RE), CISA, CRISC, CISM or comparable.
- Good communication skills (written and verbal) to be capable of engaging both technical and operational staff and vendors in explaining findings and required actions