大手製薬企業にてCybersecurity Architect, Global Information Security

大手製薬メーカーにて設備メンテナンススタッフの案件です

仕事内容

JOB DESCRIPTION
Job’s mission：
Under the direct supervision and guidance of the Cybersecurity Manager (as the direct report, 70%) and Global Head of Information Security (as the dotted line report, 30%), the job holder is part of the Global Information Security Function (Digital ＆ IT Division), responsible for execution of Global Cyber Defense Strategy, implementation of technical solutions to defend us from cyberattacks, running risk assessments of all new global solutions, managing the risk and vulnerability management process (both Information Systems and Industrial Control Systems), developing and maintaining the organization's security architecture, which is in line with security regulations, standards and best practices, managing the SOC (Security Operations Center) partner in order to ensure that information assets are adequately protected and compliant as well as maximize the benefit of information systems for global businesses.

Number of direct subordinates：
No direct subordinates as of the recruitment date however there will be several Digital ＆ IT members and external consultants whose activities need to be coordinated by this role within the framework of cybersecurity projects or processes.

Key Responsibilities ＆ Accountabilities

Cybersecurity Defense ＆ Management：
・According to the company’s long-term vision, execute the cybersecurity strategies by collaborating with cross-functional teams to design and implement secure infrastructure and application solutions
・Understand expectations of the company with regard to continuous growth, establish concrete goals, and create mid-term strategies to achieve goals
・Drive the Global Cyber Defense Strategy, maintain ready forces and capabilities to conduct cybersecurity operations (Global SOC is based in Finland)
・Anticipate future internal and external trends and implications and create appropriate cybersecurity measures
・Build understanding of cyber threats in each level. Develop detection ＆ protection measures continuously, lead the technical solution implementations to be prepared to defend us from disruptive or destructive cyberattacks


Technical Risk Management：
・Improve cybersecurity maturity level by increasing overall awareness and providing security advice/insights on technical requirements both to technical and non-technical leaders (Information Systems and Industrial Control Systems global leaders)
・Act as Security Architect in global program ＆ project implementations, planning the delivery of risk mitigation solutions and answering technical questions, reviewing current security measures, recommending enhancements, and identifying areas of security weakness
・Perform technical risk assessments (IT ＆ OT) of all new global solutions and third parties, identify potential gaps and make sound recommendations for mitigating the risks on a global scale
・Perform ongoing security maturity level assessments (Application Advisory Board Reviews and Critical 3rd Party Assessments such as; SOC Vendor, Infra Support Vendors) to evaluate the effectiveness of security controls and explain the effectiveness to project teams, business stakeholders and senior management
・Implement the Internal Cybersecurity Framework to support the state-of-art technologies and regulatory and organizational requirements (ISO 27001, NIST, Data Privacy Laws)


Business Continuity ＆ Disaster Recovery Management：
・Support the Disaster Recovery and Business Continuity framework, related initiatives and execution
・Verify and continuously improve the Recovery Process performed during or after an security incident to ensure that it meets business requirements and is effective and practical


Security Incident Management：
・Ensure the security incident management process are executed properly by regional Infra leads by tracking the resolution process and making sure the known issues are addressed according to risk management methodology
・Manage the monthly operational meetings between SOC team and us, improve the overall process and ensure the KPIs are achieved


Vulnerability Management：
・Implement and improve the Global Vulnerability Management Program focused on reducing the risk presented by vulnerabilities in environment by continuously performing three core steps; Discovery, Reporting and Remediation
・Guide the technical teams (Global Infra, Regional Infra and Application teams, critical third parties) to make sure vulnerabilities are mitigated on a timely manner
・Manage the global vulnerability scan and penetration test exercises


Threat Intelligence
・Determine the need for covering the risks on company’s threat landscape and continuously search for the most strategic product ＆ services to deliver the needed capabilities
・Keep track of changes in business, threat landscape, product innovations and rebalance accordingly
Build close partnerships and implement efficient internal processes with business and technical teams to detect and mitigate threats before they can be exploited

応募条件

【必須事項】

Education：
・Bachelor's degree in Business, Computer Sciences, Engineering, or related field
・Relevant Cyber security certifications (CISSP, CISM, CISA, CEH, Registered Information Security Specialist, etc.)

Experience：
・Minimum of 7 years experiences in Information Systems, including minimum of 4 years experiences in the fields of Information Security, Cybersecurity, Risk Management, Business Continuity Management
・Experience with program implementations such as ISO, NIST CSF, COBIT and other related compliance frameworks
・Experience in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies
・Successful experiences of project management
・International experience of working with teams spread across different countries and global stakeholders
・Excellent track records of delivering results

Functional Competencies：
・Expert understanding of cybersecurity concepts, principles and practices
・Expert knowledge of current and emerging cybersecurity risks, and innovative risk management methods and solutions
・Expert knowledge of business continuity and disaster recovery frameworks
・Knowledge of security best practices in public cloud environments
・Knowledge with SASE, CASB, SWG, ZTNA technologies is an asset
・A strong understanding of the business impact of security tools, technologies and policies
・Practical project management skills applied to information systems and services
・Documentation and presentation skills that are convincing for management
・Fully comfortable working in English, both written and spoken

Leadership Competencies

Generic style：
・Independent ＆ autonomous, while still a strong teammate
・Strong sense of integrity
・Enthusiastic and self-starting

Achieving Valuable Business Results：
・Stays focus on business value
・Sets clear, challenging goals, then measures the result
・Deals with performance issues of the projects/implementations in a timely manner
・Look for new solutions, new technologies, using innovative approach

Thinking and Decision Making：
・Takes a systematic and methodical approach to work
・Strong analytical, research, and problem-solving skills with a keen attention to detail
・Makes most effective questions before problems resolution plans are made
・Makes clear and timely decisions, forward-thinking

Influencing：
・Good interpersonal and communication skills in order to share knowledge with a variety of levels, and to communicate effectively with business and technical functions
・Uses a mixture of data, logical arguments and organizational knowledge to achieve the desired results
・Ability to prioritize incoming escalations and requests appropriately using clear communications.

【歓迎経験】

【免許・資格】

【勤務開始日】

応相談

学歴

大学卒以上

雇用形態

正社員

試用期間

3ヶ月

勤務地

在宅可、大阪

転勤の有無

転勤なし

受動喫煙防止措置

屋内禁煙

勤務時間

フレックスタイム制
フルフレックス（コアタイムなし）

勤務開始日

応相談

休日休暇

年間休日数：123
土日祝
年間有給休暇：下限日数は、入社直後の付与日数となります　10日 ～ 20日
法定休暇：年次有給休暇
特別休暇：夏季休暇、年末年始休暇

年収・給与

経験により応相談

諸手当

通勤手当

昇給

年1回

賞与

年2回

採用人数

1名　

待遇・福利厚生

通勤手当：有
寮・社宅：有
住宅手当：有

各種制度

健康保険：有
雇用保険：有
労災保険：有
厚生年金：有
定年：60歳
退職金制度：有

選考プロセス

１）書類選考
２）一次面接
３）適性検査
４）最終面接