|部署・役職名||Associate Director, IT Risk Management ＆ Security|
Given the exponentially increasing cybersecurity threat and complexity of those threats （including espionage, criminals, hacktivists, and internal threats）, the demand of the information security risk management organization has increased dramatically. Worldwide governmental legislation and regulatory risk is increasing （ex. President Obama's Cybersecurity executive order and EU Privacy laws）. In response, and as a critical component of the IT transformation, the ITRMS has consolidated security activities across IT and is designing a new organization that requires leadership positions with large scope ＆ responsibility.
The Risk Liaison role will be responsible for fostering a strong culture of information risk management and security across divisions and provide world class services and expertise that allow the business to operate in a risk informed and risk adjusted environment. This role will lead efforts in the region and assist in the creation of a comprehensive approach to anticipate, identify, prioritize, manage and monitor business information risks impacting the divisions. The leader will work with global IT functional and country Client Service Leaders （CSL） and business leadership to understand the business objectives and priorities in which to focus.
To help meet these emerging challenges, we are seeking an energetic, forward－thinking security professional to support the risk management function.
•Driving adherence to Software Development Life Cycle （SDLC）
•Partner with Divisional IT Leadership Teams
•Collaborate with Digital Shop Floor and Enterprise Lab Platform leaders to mature the Cyber Security posture for both platforms and introduce security by design thinking into the Platform roadmaps
•Guide Divisional IT Teams in the compliance of company policies, procedures and external regulations.
•Performing analysis to determine gaps in the security controls
•Prioritize and focus on IT risks that affect the highest priority risks in the division
•Providing risk－based input for effective decision making on resource ＆ investment allocations
•Working with the division to ensure laws, regulations, policies and key controls are satisfied
•Support a positive culture change through continuous monitoring, awareness, education, partnering with industry standard leaders and promoting best practices
•Ensuring the division creates Business Continuity Plans for the most critical systems
•Internal Audit （including SOX 404 Testing） Monitoring and Response Guidance
•Follow－up of divisional audits in coordination with the division
•Contribute to enterprise－wide risk mitigation programs, processes and technologies focusing effort on identification of the highest risks.
•Serves as an expert on IT Security and Compliance policies. Maintains current state awareness and understanding of internal and industry practices relative to IT security ＆ compliance. Knowledgeable of evolving trends, industry citations, etc.
•Elevate IT security awareness in general and targeted audience within the organisation, service providers and other vendors
•This role focuses on Japan and China markets.
応募資格 Education Requirement:
•Bachelor Degree or higher in Information Technology, Computer Science, Engineering, Business or equivalent is required.
【歓迎（WANT）】Required Experience and Skills:
•Require at least 12 years of cyber and risk management background and preferred with over 15 years of total experience.
•Solid working knowledge of Risk Management and Cybersecurity tools ＆ processes. Strong background working in a regulatory/compliance environment.
•Excellent language proficiency in Japanese （mandatory）, English （mandatory） and Chinese （desirable）
•Superior collaboration skills and communications skills.
•Ability to collaborate well in a matrix environment, ‘enterprise leader’
•Significant experience in leading cross－functional project teams with limited direct line responsibility and exceptional project management skills
•Experience implementing systems utilizing SDLC methodology in a regulated environment
•Technology roadmap development and implementation
•Ability to manage through complexity and ambiguity
•Solid understanding of Data management, governance and the protection of key business information assets
•End to End mindset – a relentless ability to connect people, processes and information.
•Awareness of relevant industry business, information and technology trends, in and out of pharmaceutical industry （desired）
•Deep understanding of multi－cultures in the region and able to effectively work with various stakeholders
Preferred Experience and Skills:
• Relevant certification credentials are desired such as CISA, CISM CRISC, CISSP, GIAC,
• IT background in infrastructure or enterprise systems environment.
• Technical knowledge and understanding of SDLC and GxP principles.
• Hands－on experience with computer systems and security tools
• Demonstrated skills working with various IT technologies and services.
• Familiarity with advanced/emerging technology trends
• Demonstrated ability to work independently and as part of virtual teams in a fast－paced environment
• Natural curiosity and a desire to do things differently
• Must be able to adapt and rapidly learn new technologies and apply their findings to solve key business challenges.