A world-renowned insurance company is looking for a talented Country Information Risk Governance Manager to join their firm. 

Responsibilities

- Provide technical oversight and leadership necessary to accomplish objectives, input to financial and people resource plans for the relevant areas

- Develop and define the work plans and priorities

- Support business relationships with the internal and external security auditors and regulators

- Partner with internal teams to ensure successful security programs that align with compliance requirements

- Assist with aligning and codifying controls to show how they are mitigating information security risk

- Support the communication of policies, procedures, and plans to internal stakeholders regarding security and compliance best practices around applicable laws, regulations and controls

- Identify, research, and evaluate new information security requirements and present them to relevant stakeholders

- Understand technical implementation details necessary to identify and assess security risks and recommend mitigating controls

- Participate in the development and oversight of required corrective action plans relating to information security issues

- Assist with daily activities and functions such as vulnerability management

【Company Details】

One of the largest Insurance company in Canada and the 28th largest fund manager in the world based on worldwide institutional assets under management (AUM). It proud itself of an exciting international environment , with extensive benefits and great work-life balance. 

【Working Hours】
9:00 - 17:00 (Monday-Friday) Hybrid

【Holidays】
National Holidays, Year-end and new year holidays, Annual Paid Holiday. For Regular employee, other special holidays are available (e.g. Anniversary Leave), etc.

【Services / Benefits】

Social Insurance (Health Insurance, Employees' Pension, Unemployment Insurance, Worker's Accident Insurance), Benefit One, Training system (include Japanese lesson / English lesson), Childcare Leave/Family care Leave, Baby-sitter support program, wiwiw System (Support program for those who take Childcare Leave), Retirement Pension (only for Regular employee), No smoking indoors allowed (Designated smoking area), etc.

- Experience of assessing security risk for large scale technology-based organizations working on technical risk assessments, managing vendors locally, remotely and project management

- Experience working with Security Controls across 1 or more domains: Access Management, Encryption, Network Security, Data Security, Configuration Management, Vulnerability Management, Physical Security, and so on

- In-depth experience of 1 or more compliance frameworks: PCI DSS, SSAE16 /SOC1, SOC2, ISO27001

- Knowledge of applicable legal and regulatory requirements including the Sarbanes-Oxley Act, PCI-DSS and the Japanese FSA