IT Risk Assistant Manager

This job has expired.
Salary/Rate : ¥12M - ¥12M
Location : Tokyo Metropolis
Post Date :
Employment Type : Permanent
Job Reference : 22289-FS
Job Classification : Financial Services

Description :

Job description

Information Risk Management aims to support management and business functions (IT) in minimizing the risk of loss due to inadequate information security and loss of information confidentiality, integrity, or availability. Corporate Security and Investigation aims to support management and business functions in minimizing the risk of loss due to fraud, personal and physical security incidents, employment practice incidents, and crises/disasters (BCM/BCP).

The Information Risk Assistant Manager is responsible for the day-to-day execution of information technology risk management, reporting on it, monitoring the relevant risk mitigation controls, and providing guidance on information risk issues to all divisions as needed. The position requires sufficient knowledge of information risk management and hands-on experience of IT security operations.

Key responsibilities

1. Risk assessment

・Perform/assist project risk assessments with the project manager, business users and IT to mitigate project risks, and monitor project progress for adherence to the project governance framework.

・Perform/assist business system risk assessments with the business/asset owner to identify the information asset classification, identify potential risks and their risk owners, and advise on developing the mitigating controls.

2. Process and governance

・Maintain the information risk policy and guidelines based on group recommendations.

・Review and monitor the design and operational effectiveness of IT general controls and IT security controls, taking appropriate steps to improve their effectiveness.

3. Risk reporting

・Provide reports on the status of information technology risk to the local risk committee and management, as well as to global management.

4. Audit and regulation

・Coordinate internal and external audits and regulatory assessments.

・Follow up with audit issue owners on designing action plans and validating their effectiveness.

・Conduct/assist regulatory testing for SOX compliance.

5. Assist operational risk management

・Conduct/assist IT outsourcing risk assessments with the business owner to identify the impact of the outsourced activity, and review control processes on an ongoing basis.

・Support management of IT DR readiness with business continuity management.

・Support management and escalation of major system-related incidents.

6. Communication

・Liaise with other risk management areas such as operational risk and business continuity risk management.

・Collaborate with other departments to identify information risk issues and route them to the appropriate owner for investigation and resolution.

Future career in this position

・Opportunity to extend career as Information/Operational Risk Manager, or other roles in risk management, IT, and related business functions.

・Opportunity to gain knowledge and working experience in other enterprise and operational risk management practices.

Qualification requirements

Experience in the Information Risk Management or Information Security function covering some of the following:

Working experience and knowledge of project risk management, system risk assessment, business impact analysis and risk reporting.

  • Reviewing system security architecture
  • Working experience in IT incident management with security information and event management system.
  • Conducting vulnerability assessment/penetration testing
  • Conducting IT security operations and administration for client/server and personal computing, network, operating systems, databases, security event monitoring execution.
  • Conducting IT DR operations.

Knowledge of local law and regulatory requirements regarding the FSA and financial institution IT systems risk management, and of privacy law.

Ability to deal with multiple requirements and initiatives across multiple risk management aspects.

Positive attitude, responsive, persistent and able to prioritize.

Ability to proactively propose ideas to stakeholders.

  • CISSP, CISM, CISA or equivalent qualifications/credentials
  • Communication skills in both Japanese and English. Business level English not only reading and writing, but also conversational (for direct interaction), is a must.
  • Good presentation and facilitation skills with self-discipline
  • Ability to resolve conflicts between security and business objectives
  • Flexible in supporting and performing tasks of other functions in operational risk management.

Working Experience:

  • 5-10+ years
  • Report to: Head of Information Risk Management, EORM
  • Employment Status: Permanent



Ote Center Bldg, 22F
1-1-3 Otemachi
100-0004 Tokyo
Phone : +813 5219 6633
