|• Develop, implement and monitor a strategic, comprehensive enterprise information security management framework and IT risk management program
• Provide risk assessment and security briefings related to security issues for all new and existing systems and remains familiar with the Company's goals and business processes so effective controls can be put in place for those areas presenting the greatest information security risk.
• Communicates risks and recommendations to mitigate risks to the senior administration by communicating in non‐technical, cost/benefit terms and in a format relevant to senior administrators so decisions can be made to ensure the security of information systems and information entrusted to the Company.
• Oversees all ongoing activities related to the development, implementation, and maintenance of the Company's information security policies and procedures by ensuring
these policies and procedures encompass the overall security of electronic information at rest or in motion within the system and assisting departments in local process and
procedure development, ensuring they are not in conflict with Company policies.
• Assists other departments to ensure regulatory compliance in areas such as the ISO 27001, NIST, CSA, CIS and other compliance requirements required by individual
• Chairs the Information Security ‐ IT Committee (ISIC) and coordinates the activities of ISIC so that security decisions do not interrupt business processes while maintaining the
confidentiality, integrity, and availability of company information.
• Conduct vulnerability assessment and penetration test on the organizations IT systems and application• Plan and conduct annual role‐based and general staff cyber security
• Acts proactively to prevent potential disaster situations by ensuring that proper protections are in place, such as intrusion detection and prevention systems, firewalls, and
effective physical safeguards, and provides for the availability of computer resources by ensuring a business continuity/disaster recovery plan is in place to offset the effects
caused by intentional and unintentional acts.
• Evaluates security incidents and determines what response, if any, is needed and coordinates Company's responses, including technical incident response teams, when
sensitive information is breached.
• Provide IT Audit consultant role with Internal Audit and group company support
|Experience should cover following;
Must have at least 3 ‐ 5 years of working experience in Security consultation IT infrastructure
Preferable to have Advance knowledge and experience for IT infrastructure or networking (Cloud ‐ Azure, AWS, M365, Cisco Cloud Security | On Prem
Wintel Server, Linux and PC | Network – Cisco, Forti, Paloalto, Juniper )
Preferable to have Advance knowledge and experience for Security Solutions (Microsoft, Broadcom, Cisco, McAfee, Cybereason, Trendmicro, any SASE solutions, any Logging or Monitoring
Good verbal and written communication and presentation, negotiation skill in English, Japanese (Optional)
Hands‐on individual contributor and be able to lead and guide vendor, and work with local and offshore team
He/she should have a potential to be a technical specialist with high communication skills and well minded about team‐working
Should have sense of ownership, urgency and self‐motivation‐Able to travel on short notice according to requirements.
‐ Security Solution knowledge or Consultation skill (Server, Network, Client & Mobile)
‐ Cloud Knowledge
‐ Azure, AWS, M365, Cisco Cloud Security, Citrix VDI (Administration level knowledge)
‐ Microsoft Windows Server 2012, 2016, 2019 platform Technologies (Administration level knowledge)
‐ Network Routing / SD WAN / Firewall Policy (Administration level knowledge)
‐ Professional information security certifications (CISSP,CISM,CISA,OSCP, GIAC etc) is required.
‐ AWS Certified with Solution Architect Associate or Professional
‐ Azure Certified with Administrator Associate or Solution Architect Expert
‐ IT Audit experience or any Security enhancement experiences in Financial sector