【ISM】Information Security Consultant

【Job Responsibility／職務の目的】
As a member of the APAC/Global Information Security team, he/she will support all operations in accordance with Zurich Group's security standards.
Under the management and supervision of the Business Information Security Officer (BISO) and in frequent collaboration with APAC/Global colleagues, IT departments and business users, support all information security activities of the Group's affiliates operating in Japan (General and life insurance companies). 

【Key Tasks & Accountabilities／職務内容】
The team will work together to perform the following tasks as requested by Group Information Security/Japan entities. 
1）Information security governance
・Verify security metrics provided by the group and drive remediation.
・Explain the Group's information security strategy and initiatives to stakeholders in Japan.
・Serve as a Subject Matter Expert in the evaluation framework implemented by the group and help ensure that it is properly understood and properly executed by the Japanese counterparts. Review deliverables to ensure accuracy and quality.
・Responsible for various activities required for security governance in Japan.

2）Information security Risk & Compliance
・Conduct activities to ensure transparency on information security topics for stakeholders in Japan 
・Share regional and local level dashboards to help Japanese stakeholders understand their exposure to IT security risks and necessary actions. 
・Work with Risk Management team to assess BU's cyber risk exposure
・Engage with business/IT to support coordination/implementation/improvement of the following assessments and drive appropriate risk management：
・Cloud Security Assessment
・Business/IT Application/IT Risk Assessment, including pre- and post-implementation reviews and major changes
・Thematic security review
・Regulatory assessment（Local regulation, PCI etc）
・Vendor security assessment
・Exception management

3）Application security and cloud
・Work with business/IT to ensure application security controls are in place throughout the application development lifecycle (in collaboration with the global application security team) 
・Work with the group to support the development of local DevSecOps capabilities
・Work with various teams to identify and address security risks associated with the local cloud environment

4）Security Incident Response
・Coordinate and facilitate IT security incident response and forensic investigations (supported by the Global Cyber Response Team) 

5）Security awareness / education
・Support implementation of security awareness and education programs
・ Promote group-led security awareness and education activities

【Qualifications / Experience】
1）Integrity and a high sense of ethics and responsibility
2）Advanced Japanese (native Japanese speaker or Japanese Language Proficiency Test Level 1, business conversation and reading/writing) 
3）Advanced English (native English speaker, TOEIC score of 860 or higher, capable of teleconferencing) 
4）University diploma
5）5-8 years of work experience, of which at least 3 years in an information security related department
6）High level consulting skills and the ability to communicate a wide range of security-related topics to internal and external stakeholders. 
7）Must possess one or more of the following qualifications (or their equivalents).
（CISSP,CISA,CISM,IPA情報処理安全確保支援士）
8）Understanding the big picture of IT technologies and processes (cloud, operating systems, databases, networks, etc.)
9）Ability to think and act logically in order to work proactively

【募集要項】

・勤務地：東京本社オフィス（東京都中野区東中野3-14-20）または在宅勤務のハイブリッド勤務

・雇用形態：正社員

・勤務時間：フレックスタイム制；始業および終業の時刻は社員の決定に委ねる（標準となる１日の労働時間：7時間）

　　　　　   フレキシブルタイム6時00分から22時00分、コアタイム　なし、1日における最低勤務時間　4時間

　　　　　　    休憩時間60分（1日の実労働時間が4時間を超える場合）

・給与：当社規程により決定

　　　　※前職の経験・スキルを考慮

・休日休暇：年末年始休暇、ペアレンタル・リーブ（6週間の特別有給休暇。社員の性別を問わず取得できる制度）、慶弔休暇、産前産後休暇、ボランティア休暇、Re-Creation休暇

・福利厚生：

　各種社会保険（健康保険、厚生年金、雇用保険、労災、他）、ｌ団体生命保険、会員制福利厚生クラブ加入、EAP: Employee Assistance Program（従業員支援プログラム）、育児休職制度、育児時間制度、介護休職制度、フレックスタイム制度、短時間勤務制度、時差勤務制度、育児休職者の早期復職支援手当、シフト勤務に対する育児支援手当、社内クラブ活動、ドレスコードフリー(服装自由)、オンライン自己啓発プログラム、副業、兼業（届出制）