Cybersecurity Senior Manager

---

Job details

Company overview

We are a major Japanese pharmaceutical company. We are a pharmaceutical company focused on eye health in particular, and are engaged in the research, development, manufacturing, and marketing of pharmaceuticals in the ophthalmologic field. We are particularly strong in the treatment of dry eye, cataract, and glaucoma, and have earned trust for our high technology and quality. We also have operations around the world and aim to contribute to eye health from a global perspective. In research and development, we are active in introducing new treatments and technologies to meet the various needs related to vision.

Responsibilities

Under the direct supervision and guidance of the Global Head of Information Security, the job holder is part of the Global Information Security (Digital & IT Division), responsible for leading the implementation & execution of Global Cyber Defense Strategy, implementation of technical solutions to defend the business from cyberattacks, running risk assessments of all new global solutions, managing the risk and vulnerability management process (both Information Systems and Industrial Control Systems), developing and maintaining the organization's security architecture, while considering investor's expectation for company security measures such as security regulations, standards and best practice, working with SOC (Security Operations Center) partner in order to ensure that information assets are adequately protected and compliant as well as maximize the benefit of information systems for the company’s global businesses.
Main responsibilities:

• Cybersecurity Defense & Management
  • According to the company’s long-term vision, formulate and integrate cybersecurity strategies into a companywide strategic plan by collaborating with cross-functional teams to design and implement secure infrastructure and application solutions
  • Understand expectations of the company regarding continuous growth, establish concrete goals, and create mid-term strategies to achieve goals
  • Drive the Global Cyber Defense Strategy, maintain ready forces and capabilities to conduct cybersecurity operations
  • Anticipate future internal and external trends and implications and create appropriate cybersecurity measures
  • Build understanding of cyber threats in each level. Develop detection & protection measures continuously, lead the technical solution implementations to be prepared to defend the business from disruptive or destructive cyberattacks
• Security Incident Management
  • Ensure the security incident management process are executed properly by all parties by tracking the resolution process and making sure the known issues are addressed according to risk management methodology
  • Lead the monthly operational meetings between SOC team and the company, improve the overall process and ensure the KPIs are achieved
  • Verify and continuously improve the Recovery Process performed during or after a security incident to ensure that it meets business requirements and is effective and practical
  • Manage the Major Security Incident Management process, under Global Head of Information Security, and guide/train different stakeholders, including SOC team, DIT leaders and technical managers
  • Support the Disaster Recovery and Business Continuity framework, initiatives, and execution
• Technical Risk Management
  • Improve the company’s cybersecurity maturity level by increasing overall awareness and providing security advice/insights on technical requirements to DIT and non-DIT leaders (both Information Systems and Industrial Control Systems global leaders)
  • Lead global programs & project implementations, planning the delivery of risk mitigation solutions and answering technical questions, reviewing current security measures, recommending enhancements, and identifying areas of security weakness
  • Perform technical risk assessments (IT & OT) of all new global solutions and third parties, identify potential gaps and make sound recommendations for mitigating the risks on a global scale
  • Implement the Internal Cybersecurity Framework to support the state-of-art technologies and company regulatory and organizational requirements (ISO 27001, NIST, Data Privacy Laws)
• Vulnerability Management
  • Implement and improve the Global Vulnerability Management Program focused on reducing the risk presented by vulnerabilities in the business environment by continuously performing three core steps: Discovery, Reporting and Remediation
  • Guide the technical teams (Global IT Infra, Regional IT Infra and Application teams, critical third parties) to make sure vulnerabilities are mitigated on a timely manner, perform the escalations on time
  • Manage the global vulnerability scan and penetration test exercises
  • Manage the relationship and contracts with the external suppliers to obtain the best value for the company
• Threat Intelligence
  • Determine the need for covering the risks on company’s threat landscape and continuously search for the most strategic product & services to deliver the needed capabilities
  • Keep track of changes in business, threat landscape, product innovations and rebalance according to the risk appetite
  • Build and maintain robust partnerships with market leaders to deter shared threats in our industry
  • Build close partnerships and implement efficient internal processes with business and technical teams to detect and mitigate threats before they can be exploited
• Project Initiation and Execution
  • Lead projects to implement new cybersecurity solutions or frameworks by developing business cases or conducting opportunity studies when needed
  • Understand projects and services specificities in a multi locations environment with many remote management situations
  • Ensure there are continuous PDCA (Plan, Do, Check and Action) cycles to improve services and solution in place in relations with KPIs/SLAs in place or to be developed
• Stakeholder Relationship and Vendor Management
  • Maintain good working relationships with internal stakeholders globally, especially with Digital & IT management
  • Support his/her Digital & IT peers in charge of infrastructure, service operations and business applications to provide the right information security advice or solutions allowing them to provide the contributions to business domains
  • Manage the suppliers by defining clear guidelines and objectives, relying on KPIs in coordination with the governance in place. Challenge organization and governance in place to verify the company is obtaining best value and that vendors are meeting our information security needs and requirements
• Resources Management
  • Develop and own the budget proposal for the cybersecurity domain in accordance with the company guidance on budget directions
  • Ensure financial governance and efficient use of resources to meet business objectives.
  • Execute the budget in respect of its objectives in terms of services to operate, solutions to deliver
  • Perform ongoing security maturity level assessment to evaluate the effectiveness of security controls and explain the effectiveness to project teams, business stakeholders and senior management

Requirements

Minimum requirements:

• Minimum of 10 years experiences in Information Systems, including minimum of 7 years experiences in the fields of Information Security, Cybersecurity, Risk Management, including demonstrated competency in:
• Cross-functional leadership and stakeholder relationship management (external and internal)
• Successfully implementing global cybersecurity programs and systems
• Implementing a risk-based cybersecurity framework
• Expert knowledge/experience with program implementations such as ISO, NIST CSF, COBIT and other related compliance frameworks
• Proven experience in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies
• Successful experiences of project management, applied to information systems and services
• International experience of working with teams spread across different countries and global stakeholders
• Proven experience in researching, evaluating, negotiating, and managing third-party service providers.
• Expert understanding of cybersecurity concepts, principles and practices
• Expert knowledge of current and emerging cybersecurity risks, and innovative risk management methods and solutions
• Knowledge of security best practices in public cloud environments and SASE, CASB, SWG, ZTNA technologies
• Broad knowledge and perspectives on information systems, including business systems and services
• A strong understanding of the business impact of security tools, technologies and policies
• Practical project management skills applied to information systems and services
• Strong collaboration/communication experiences in diverse/cross-cultural organizations.
• Proven leadership skills in an ambiguous or changing environment.
• Strong in logical thinking, time management, decision-making, and problem solving as able to manage multiple programs and priorities simultaneously.
• Excellent track records of delivering results.
• Excellent interpersonal, organizational, planning, presentation, documentation, facilitation, and communication skills and be capable to clearly articulate the viewpoint.
• Ability to communicate effectively up and down the management chain in the appropriate language and provides the appropriate level of detail and focus on the right information.
• Demonstrated initiative and ownership: Ability to lead, guide, and motivate people to deliver results; encourage risk taking, initiative, and responsibility; demonstrates the ability to effectively persuade others to listen, commit, and act on a new approach.
• Ability to work in a fast-paced environment leveraging internal and external resources to meet simultaneous deadlines/demands.
• Generic style
  • Independent & autonomous, while still a strong teammate
  • Strong sense of integrity
  • Enthusiastic and self-starting
• Achieving Valuable Business Results
  • Stays focus on business value
  • Sets clear, challenging goals, then measures the result
  • Deals with performance issues of the projects/implementations in a timely manner
  • Look for new solutions, new technologies, using innovative approach
• Thinking and Decision Making
  • Takes a systematic and methodical approach to work
  • Strong analytical, research, and problem-solving skills with a keen attention to detail
  • Makes most effective questions before problems resolution plans are made
  • Makes clear and timely decisions, forward-thinking
• Influencing
  • Good interpersonal and communication skills in order to share knowledge with a variety of levels, and to communicate effectively with business and technical functions
  • Uses a mixture of data, logical arguments and organizational knowledge to achieve the desired results
  • Ability to prioritize incoming escalations and requests appropriately using clear communications.

Salary

11.5 - 16 million yen

Location

Tokyo