A Japanese leading financial service company is looking for an experienced Technical Expert (Cloud Security Services) in its Tokyo, office. The successful candidate will be working at the IT security Architecture and technical team at their group Security Control Department. The team needs to deliver three main tasks as below.
The Cloud Security Services Manager role sits inside the Architecture and Technical Leadership function whose role is to develop new capabilities globally for information security. As the migration of the systems continues to be moved to hosted providers or completely moved to a service-based consumption model, the nature of how security controls are designed, deployed and operated are also changing. This shift requires expertise that can guide / lead the process of security controls that are effective in these IT delivery models.
The Cloud Security Services Manager will be responsible for advisory, assessment and design work. The scope of this work includes operational and technological matters. The work is expected to take place both within the security team as well as with the broader IT teams inside the corporate function as well as in the businesses themselves.
- Provide guidance towards the remediation of security issues in externally hosted IT services. This includes PaaS, IaaS and SaaS services. The services could be security controls themselves delivered through externally hosted parties (e.g. hosted vulnerability management or managed SOC, etc…)
- Design and support ongoing operation of all the security shared services that are delivered through cloud-based services.
- Business Unit Guidance: work with the digital transformation team and other business units to provide guidance on secure ways to consume data and develop systems.
- Guideline Development: write a series of guidelines for the secure adoption of cloud technologies, the use of security products (e.g. CASBs) and best practice for vendor engagement.
- Security Framework: contribute to the ongoing definition, communication and roll out of a global Security Framework based on international standards.
- Vendor Management: contribute to vendor assessment and selection including running competitive bidding processes and contract negotiation.
- Internal Process: contribute to, and in some cases lead, the internal processes related to gaining approval for new projects and IT spend where cloud-based services are involved.
【Duties and Responsibilities】
- Work under the direction of the Director of Architecture and Technical Leadership
- Manage effective working relationships with all stakeholders and customer organizations
- Ensure flexible, efficient and cost-effective strategies are defined
- Ensure effective team working relationships within all areas of the IT group.
- Engaging various teams locally and abroad, effectively adopt the required security controls into their cloud-based IT endeavors.
- Act as a subject matter expert on cloud-centric or outsourced IT security across people, process and technological matters. Be capable of engaging information asset owners as well as technology managers to explain these measures
- Work closely with the managers of the security shared services to ensure that the requisite controls are included in the shared services delivered by the security team itself.
- Be capable of creating functional reports to foster understanding of the situation as well as help drive meaningful change.
- Understand how to leverage 3rd party expertise on areas where the individual is not an expert while presenting and owning the holistic solution (one point of accountability for cloud security)
【会社概要 | Company Details】
Founded as a leasing company, a major Japanese financial services company that is constantly growing, creating new value and new markets through finance and services.
【就業時間 | Working Hours】
9:00 - 18:00（Mon - Fri）
【休日休暇 | Holidays】
Saturday, Sunday, and National Holidays, Year-end and New Year Holidays, Paid Holidays, Other Special Holidays
【待遇・福利厚生 | Services / Benefits】
Social insurance, Commuting allowance, No indoor smoking (designated smoking area) etc.
- A clear understanding of the best practices for implementing cloud-based security controls.
- A demonstrated track record of designing, deploying, reviewing and overseeing implementation of security controls into cloud-based services (or externally hosted services).
- Working knowledge of implementing security controls and overseeing their operation in AWS, Azure, etc..
- A strong understanding of cloud-centric security frameworks such those published by NIST (NIST Special Publication 800-144) and the CSA.
- A very strong technical background especially in matters of server, endpoint and network infrastructure configuration.
- An excellent understanding of developing web applications in a secure fashion
- A practical approach to security whereby both the technical objectives as well as the functional and economic impacts are considered towards effective outcomes
- Good communication skills (written and verbal) to be capable of engaging both technical and operational staff and vendors in explaining findings and required actions
- Sound knowledge of business operational processes with regards to change management, operational management and quality control.
- Demonstrated understanding of technically implementing controls in cloud platforms (IaaS, PaaS), 3rd party SaaS providers, 3rd party vendors as well in on premises data centers, office environments and mobile workforces.
- A good understanding of security technology and operational procedures. Experience deploying security tools for logging, anti-virus and data loss prevention would be advantageous.
- An understanding of security design in relation to Industrial IoT would be advantageous.
- Security Certifications: GIAC, CEH, CompTIA Securityy+, CISSP, CISA, CISM, CREST, SABSA, and CSA