A Japanese leading financial service company is looking for an experienced SOC and Reporting Manager in Tokyo, office.
The successful candidate will lead at management of shared service team at their group Security Control Department. The team need to deliver two main tasks as below.
The SOC and Reporting Director role is the head of the SOC and Reporting function whose role is to oversee the effective operation of security controls. Most of this effort is towards the actual operation of shared security capabilities delivered through centrally run services. These are centered around vulnerability management, asset management, logging & monitoring and awareness training.
The SOC and Reporting Director will be responsible for the oversight of the operational services as well as developing new services and extending the existing ones. This involves work within both the security team as well as with the broader IT teams inside the corporate function as well as in the businesses themselves.
- Lead the overall function and own the KPIs representing the effective and efficient operation of the security shared services
- Provide leadership and mentorship to the team of technical experts representing the wide cross section of security expertise required to run the various shared service capabilities.
- Provide leadership towards the further deployment of the shared services to new businesses.
- Lead overall objectives to create a roadmap to implement meaningful security improvements leveraging the shared security services.
- Provide operational leadership with regards to the onboarding of shared security services to address security deficiencies within each business unit
- Provide guidance towards the remediation of security issues in externally hosted IT services. This includes PaaS, IaaS and SaaS services. The services could be security controls themselves delivered through externally hosted parties (e.g. hosted vulnerability management or managed SOC, etc…)
- Be accountable for the augmentation of the security shared services with externally provided capabilities and ensure the overall resulting services is consistent and seamless to the internal their business customers.
- Support the Architecture and Technical Director to develop the service model (including financial model) for the security shared services
- Be accountable for the oversight to ongoing quality control and financial management of the delivery of shared security services.
- Lead the incident investigation process where events are determined to require further investigation.
- Oversee externally contracted penetration testing experts to further investigate security events identified by the logging and monitoring or vulnerability management toolsets.
[Essential Duties and Responsibilities]
- Work under the direction of the their Group CISO
- Manage effective working relationships with all stakeholders and customer organizations
- Ensure flexible, efficient and cost-effective strategies are defined
- Ensure effective team working relationships within all areas of the IT group
- Engaging various teams locally and abroad, effectively adopt the required security controls into their cloud-based IT endeavors
- Act as the overall security operations information security leader. Be capable of engaging information asset owners as well as technology managers to explain and onboard businesses and key functional units throughout them
- Work closely with the Architecture and Technical Director as well as the Director of Execution and Quality Assurance to facilitate security improvements throughout them
- Shape the creation of functional reports to foster understanding of their security posture as well as help drive meaningful change
- Oversee the engagement of 3rd party expertise to complement / augment their staff
Founded as a leasing company, one of major Japanese financial services company that is constantly growing, creating new value and new markets through finance and services.
9:00 - 18:00（Mon - Fri）
Saturday, Sunday, Year-end and New Year Holidays, Paid Holidays, Other Special Holidays
Social insurance, Transportation Fee, No smoking indoors allowed (Designated smoking area), etc.
- A clear understanding of security best practices in Japan and internationally with a proven track record of implementing these in businesses globally
- A demonstrated track record of designing, deploying, reviewing and overseeing implementation of security controls into information technology managed internally as well as through 3rd party providers / hosted services.
- Working knowledge of implementing security controls and overseeing their operation in AWS, Azure, etc..
- A strong understanding of cloud-centric security frameworks such those published by NIST (NIST Special Publication 800-144) and the CSA.
- A very strong technical background especially in matters of server, endpoint and network infrastructure configuration.
- Proven track record of running security operations (or running Security Operations Centers) ▪ A practical approach to security whereby both the technical objectives as well as the functional and economic impacts are considered towards effective outcomes
- Highly knowledgeable of business operational processes with regards to change management, operational management and quality control.
- A good understanding of security technology and operational procedures. Experience deploying security tools for logging, anti-virus and data loss prevention would be advantageous.