【Major Financial Services Company】 Business IT Security Manager

Based on Experience
Intermediate (TOEIC 600)



A leading Japanese financial services company is looking for an experienced Business Security Manager.

The Business Security Manager role sits inside the Execution and Quality Assurance function, whose role is to oversee the delivery of the security transformation program and to provide assurance that it has been delivered as intended. Most of this effort goes towards project management of the implementation of the shared service capabilities. These are centered around vulnerability management, asset management, logging & monitoring and awareness training.


As a key member of the team that drives execution, the expectations of the role also extend to supporting the evolution of the various shared service capabilities as lessons are learnt from the ongoing delivery.

The role of Business Security Manager is essential in creating a bridge between the corporate security function and the businesses in their Group. As an ambassador for the security functions, this role serves to find effective means to improve security inside the business and, where possible, to bring in the capabilities at the corporate office. At the same time, it is a role that gathers business operational details and conducts ongoing controls testing to understand both the nature of the business and the performance of security in supporting the business. The main tasks are as follows.


- Review the business against the minimum security standard and other security standards

- Support the business in determining the measures that are most effective in remediating gaps

- Develop overall cybersecurity programs with the business

- Oversee cybersecurity spending

- Gain a deep level of understanding of the business and report on this to the corporate security team

- Participate in the activities that evolve the shared security services

- Act as the single point of contact between the corporate security function and the business


The role is a security leadership position that builds stronger ties with the business to encourage focus on security and its improvement.

Additionally, the role provides a feedback loop to the corporate security team about the business priorities and challenges. It requires a broad understanding of security, but not necessarily at an expert level: simply enough to engage with the topics and guide conversations and programs. The aim is to help the business take good risks confidently by making it resilient to information security threats.



- Work under the direction of the Execution and Quality Assurance function.

- Manage effective working relationships with all stakeholders and customer organizations

- Ensure flexible, efficient and cost-effective information security strategies are defined

- Ensure effective team working relationships within all areas of the IT group.

- Engage various teams locally and abroad, ensuring effective collaboration towards the deployment of the security shared services into the assigned business.

- Assist in the definition of project scope and objectives, involving all relevant stakeholders and ensuring technical feasibility.

- Oversee the implementation of security capabilities and their long-term operation.

- Track project performance against security performance metrics.

- Provide regular reporting on the status of the information security program.

- Provide guidance for security improvements.

- Provide direction to the business security staff that manage the security technology & operation.

- Ensure that security is embedded in the project delivery process by providing the appropriate information security policies, practices and guidelines.

- Document and report on the overall business activity and key areas requiring cybersecurity.









【Company Details】

A major Japanese financial services company that is constantly growing by creating new value and new markets through finance and services.

【Working Hours】
9:00 - 18:00 (Mon - Fri)


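【Holidays】

120 days off per year; 12 to 20 days of annual paid leave; full two-day weekend system (Saturdays, Sundays and national holidays); year-end and New Year holidays, annual paid leave, congratulatory and condolence leave, leave for public duties, maternity leave (before and after childbirth), childcare leave (until the child reaches 3 years of age), volunteer leave and leave of absence, nursing leave, family care leave, and other special holidays.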


【Services / Benefits】

Social insurance, transportation fee, no smoking indoors (designated smoking area available), etc.





- Experience in information security leadership roles

- Ability to communicate information security and risk-related concepts to technical and nontechnical audiences

- Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization

- Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies

- Up-to-date knowledge of methodologies and trends in both business and IT

- Knowledge and understanding of relevant legal and regulatory requirements

- Analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives

- Project management skills: financial/budget management, scheduling and resource management

- Capacity to influence entities and decisions in situations where no formal reporting structures exist but achieving the desired outcome is vital

- Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.

- Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL and COBIT, as well as those from NIST, including 800-53 and the Cybersecurity Framework

- Experience with contract and vendor negotiations

