Consultant – Cybersecurity Compliance
Language:
Japanese (Native)
English (Business Level)
Experience: 5 years – 9 years
Primary Skills (Must Have):
- Must have experience with a cybersecurity risk management framework
- Ability to identify gaps and deficiencies in processes and procedures and recommend corrective actions
- Lead and support ongoing security programs which include – Third Party Risk Tracker, Security Awareness, Vulnerability Management, Application Security Governance & Assessments
- Maintain strong oversight of third parties, vendors and business partners to safeguard against undue risk presented by external entities
- Analyze risk findings, and document, recommend and report gaps to security leadership; lead in mitigation, tracking, and reductions of risks
- Related security control and compliance experience in various frameworks including: PCI DSS, ISO 27001, NIST, etc.
Secondary Skills (Good to Have):
- Some experience with multiple security roles such as Security Analyst, Security Engineer, Security Projects, Risk Assessments, and Security Operations
- Excellent written and verbal communication skills
- Self-driven and able to work single-handed
- Ability to multi-task, prioritize, coordinate, work well under pressure and meet deadlines
- Analytical and methodical approach to problem solving
- Good at stakeholder management
Personal Qualities:
- Analytical and methodical approach to problem solving
- Good at stakeholder management
- Self-driven and able to work single-handed
- Excellent written and verbal communication skills
- Ability to multitask, prioritize, coordinate, work well under pressure and meet deadlines
Key Responsibilities:
- Develop risk management controls and systems
- Oversee and manage the GRC risk assessment and security exception process
- Evaluate moderate to complex business and technical requirements, and communicate inherent security risks and provide recommendations for mitigating controls to technical and non-technical stakeholders
- Coordinate and execute changes to existing procedures to enhance the risk management life cycle
- Oversee deep-dive assessments as assigned and deliver findings, recommendations and remediation steps for all activities
- Generate awareness for security best practices for both internal stakeholders and external partners
Additional Remarks for Consideration:
Involves researching, developing, innovating and delivering effective and consistent solutions to support the infrastructure systems, ensuring the application of current and emerging technologies.
Shift Timing (9×5, 24×7): 9×5 with on-call support