
IT, Information Security Group, IT Risk Governance Analyst, GG11

Date: 2023/01/19

Location: Tokyo, JP

Company: MetLife

Responsibilities:

This position serves the following critical functions in the Information Security Group. For each function, the key points are to assess, respond and drive improvement from a risk management perspective.

  • Conduct IT auditee tasks on IT General Control (ITGC) for the US-GAAP (SOX) and J-GAAP Deloitte IT audits for Japan in a timely manner (e.g. collecting and reviewing relevant documents and evidence to be submitted to the Deloitte audits, organizing several crucial meetings and interview sessions with Deloitte, handling inquiries from users and Deloitte, and supporting IT Groups/Teams with finding remediation and inquiries on SOX compliance, etc.)
  • Conduct reviews and provide advice from the risk perspective to compile proper regulatory communication with the Financial Services Agency (FSA) regarding security and system incidents.
  • Conduct and support IT Issue Management (e.g. promoting and supporting the registration of IT issues as risk findings, monitoring remediation progress of IT issues, preparing and maintaining relevant metrics and reports for stakeholders, etc.)
  • Conduct and support the maintenance of policies, procedures and manuals related to Information Security areas.
  • Respond to questionnaires on information security from group insurance customers and/or bank customers.
  • Communicate, liaise and work proactively with local and global counterparts to execute activities related to Information Security areas.
  • Respond to regulatory changes or industry-wide trends relating to Information Security and analyze them for implications or measures to be taken as necessary.
     

Requirements: 

Experience:

  • Minimum of 4 years of hands-on experience in Information Security and/or IT Risk management related field.

Skills:

  • Native or equivalent level of Japanese and intermediate level of English proficiency.
  • Ability to prepare accurate reports for all levels of staff in appropriate, clear language and to give oral presentations.

Preferable:

  • Interest in broader risk management areas such as IT security, third-party risk and emerging tech risk management.
  • Experience or interest in the financial industry, particularly life insurance.
  • Familiarity with regulatory/industry standards (NIST CSF, PCI DSS, FISC)

Qualifications:

  • CISA, CISM, CISSP or similar certification is a plus

Language:

  • Japanese: native or equivalent level; English: intermediate level

Personality:

  • Proactive and willing to learn new things in technology and information security