Manage a large/complex team or multiple teams, overseeing resources, budget, policy formation and short to medium term planning to ensure the local IS governance in Japan.
Manage and validate deliverables of all Information Security (IS) programs, ensuring closure per agreed timelines and goals. This includes to oversee the risk management process through information security risk assessment process (ISRA), third party assessment (TPISA), etc., monitor the same through the issue management process, and management reporting as required.
Perform Business Consulting Activities on IS topics, and ensure Information Security Officer (ISO) consulting services are performed.
Conduct cost-benefit analysis to justify IS investment, and build the IS team by promoting partnerships, and marketing IS developments.
Partner with Global Information Security Officers and Global Information Security Program Managers to improve processes and reduce risk.
Ensure risks are identified, assessed, mitigated and controlled, and assist Security Incident Response Teams as the Business IS Consultant.
Ensure Control Preparedness and control effectiveness, as part of the Audit preparedness exercise, ensuring IS programs are audit ready.
Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency, as well as effectively supervise the activity of others and create accountability with those who fail to maintain these standards.
Partner with the country officer, the respective business / function heads, control partners (2nd / 3rd line of defense, enterprise resilience, third party management, privacy, etc.), and employees to ensure compliance with policy / standards and through education & training.
Manage and maintain relationship with the regulator and industrial bodies (e.g. Japan F-ISAC).
Qualifications:
10+ years of relevant working experience within Information Security / Cyber and technology (application / infrastructure) and within matrix organization.
Proven experience with scripting and programming languages preferred.
Advanced Microsoft Office skills preferred.
Demonstrated ability to collaborate with a variety of analytical groups and service delivery organizations.
Advanced analytical and problem solving skills.
Consistently demonstrates clear and concise written and verbal communication.
Proficient in interpreting and applying policies, standards and procedures.
Demonstrated ability to remain unbiased in a diverse working environment.
Business level English and Japanese (native for both languages preferred).
Education:
Bachelor’s degree/University degree or equivalent experience