Information & Product Security officer

---

募集要項

会社概要

同社は大手エレクトロニクス機器企業です。ヘルスケアや消費財含め、様々な事業を行っています。

業務内容

 General

• Support/localize information & product security awareness, training and education programs.
• Supports, creation, approval and embedding of information/product security policies, adaptions, standards.
• Establish & deliver centralized reporting within and to the business markets on the effectiveness of the information & product security function and its performance against strategic objectives.
• Aligns with the supplier security team on information & product security issues related to suppliers/partners/3rd party ecosystems. Product & Services Security
• Creating products & services security strategies, both short-term and long-range, in support of the business goals.
• dentify product/services security requirements throughout the Idea-to-market (I2M)/ Product Development Lifecycle Management and work with other teams as necessary to provide mitigation and cost/benefit analysis.
• Directing an ongoing, proactive product & services security risk assessment program so effective controls can be put in place for those areas presenting the greatest information security risk.
• Communicating risks and recommendations to mitigate risks to the senior management
• Supporting businesses in maintaining external business certifications and compliance with other (international) guidelines for information security.
• Assisting with business internal audits and overseeing and guiding external audits related to its products and services in the markets.
• Creating products & services security strategies, both short-term and long-range, in support of the business goals.

 Information Security

• Be an authority on the Security Management Framework: policies (tactical level), processes and risk management designs. Drive and support compliance/policy/risk reviews for your assigned market areas/business units.
• Engage with business, markets and functions to identify improvement opportunities across secure foundation, information protection, secure access to business information/assets , threat/ incidents response capabilities and vulnerabilities mitigation.
• Help businesses and markets in making their own information (application) security assessments and sample assessments in order to audit compliance and report on compliance.
• Drive local business on the implementation of ISMS (High level controls and Technical Baselines), gather information and assess risk together with the risk management team.
• Support the embedding of Information Security (e.g. ISMS, client requirements, Technical Baselines) within business/markets/ functions operations and various environments.
• Support the Market Japan ISO27001 certification and improvement

応募条件

Minimum

• A Master’s degree or equivalent combination of education and work experience
• Minimum of 10 years in product/information security or risk management and/or related functions (such as IT audit, IT Risk Management and IT Compliance)
• Excellent knowledge of ISO27001/2 and NIST Cybersecurity frameworks
• Information security management or audit qualifications such as CISM/ CISSP/ CISA/ CRISC
• Experience in the creation and enforcement of information security (including the sensitivity to establish a risk based view on compliance), including compliance reporting
• Experience in Health information security and risk management (ISO 27799, ISO/IEC 80001, DIACAP)
• Familiar with Laws and regulations on privacy, data protection, and breach notification, such as HIPAA, FDA, GDPR, ISO/TS 14265, 21CFR820 and equivalent Japanese laws
• Domain specific standards and approaches on privacy and product security (DICOM, IHE)
• Experience working in a large global organization with practical experience in a highly regulated environment
• Strong interpersonal skills – communication, presentation, ability to influence and lead
• Self-motivated, positive attitude, and results-oriented
• English fluency
• Willingness to travel as needed

給与

1400 - 1800 万円

勤務地

東京