現任のCFOからスムーズに業務を引き継ぎ、グループの役職員と協力して経営管理の課題を特定・改善します。イニシアティブを推進しながら、戦略の策定や管理体制の構築など、CFOとして幅広い業務を担当します。

【業務内容】

社長・役員などと連携し、経営課題の特定・改善、イニシアティブの推進しながら戦略策定などの経営企画業務を広範に担当していただきます。

Responsibilities：

・Develop security reporting/metrics for multiple audiences including executive management and board reporting. Ensure that the relevant metrics are fed into various committees and the Chief Control Office framework and the 2nd Line of Defense.
・Responsible for the implementation of the BISTRA (Business-centric Security Threat & Risk Assessment) Methodology across the most critical value chains of the firm.

・Select, deploy, and manage the Security GRC Portal management to manage the risk and control framework as well as the BISTRA methodology.

・Track and manage all audit, regulatory examinations, client requests, law enforcement requests, and external certifications.

・Manage the risk treatments of security issues and risks identified such as risk acceptances, risk deferments, etc. on behalf of the program and project teams and other stakeholders. Track and monitor the risk treatments to closure.

・Develop and manage all security documentation for the Global CISO team including a library of threats, risks, controls, mitigating practices, capabilities, functions, tools, and processes.

・Monitor and report on compliance with information security and cybersecurity regulations and standards.

・Collaborate with internal stakeholders to ensure alignment of information security risk and controls governance with business objectives.

・Stay current on security risk and controls trends, threats, and regulatory requirements to proactively address emerging issues.

・Responsible for formalising the response to information security incidents, such as data breaches or cyber compromises internally and to regional regulators in accordance with notification rules

・Develop and manage the third-party security risk management team including security assessments and onsite security audits for third parties.

Responsibilities：

・Develop and implement a comprehensive CTD strategy and roadmap (including the deployment the MITRE ATTACK framework, defense in depth, and other best practices) to safeguard the organization’s infrastructure, systems, and data from security threats.
・Lead the Cyber Fusion Center, which includes the Security Operations Center (SOC), Cyber Threal Intel, and Incident Response teams.

・Note that eventually the Cyber Fusion Center will include other activities such anti-fraud and physical access.

・Oversee the detection of cybersecurity events in real time through centralized monitoring.

・Analyze cybersecurity events from multiple sources such as SIEM, IDS/IPS, EDR, AV, Firewalls, etc.

・Respond to and contain cybersecurity incidents, and identify eradication strategies.

・Facilitate the transformation of the current SOC and Incident Response capabilities.

・Manage adversary indicators of compromise, tracking, and monitoring of adversary tactics, techniques, and procedures, motivations, goals and strategic objectives.

・Manage incident response activities, including incident triage, containment, eradication, and recovery to minimize the impact of security incidents on the organisation.

・Lead cyber threat intelligence collaboration internally and externally.

・Create industry standard group level ‘Follow the Sun’ fusion center of CTI and SOC professionals to provide a center for the monitoring, analysis and reporting of cyber events and activities to identify trends and potential risks and leading proactive measures to mitigate.

・Ensures all CTD activities are compliance with all relevant regulations and standards.

・Collaborate with cross-functional teams to assess our security posture and recommend improvements to enhance threat detection and response capabilities.

・Provides regular cyber threat briefings about adversarial threat modelling, advanced analytics, and other leading-edge technologies to proactively inform multiple audiences of potential threats.

・Understand how to convert highly technical language to business-centric language including being able to clearly explain the impact of threats on the business value chains.

・Stay informed about industry trends and best practices in CTD, and recommend improvements to enhance the division’s performance.

・Provide clear guidance to key stakeholders (e.g., IT, business, legal, compliance) on how to meet specific security requirements that will enhance all CTD activities.

・Establish relationships with law enforcement and other cyber threat defense agencies in Japan but also in other countries where we have large operations centers.

・Develop and maintain security policies, procedures, and guidelines to ensure compliance with regulatory requirements and industry standards.