Description and Requirements
Role Value Proposition
We are looking for a manager of the Third-Party Cyber Risk Management Unit for the leading life insurance company based in Tokyo, working remotely with offshore offices.
This position serves as an independent contributor responsible for assessing the information security risks and control posture of the third-party suppliers and agencies with whom our company engages.
The successful candidate will lead by example through hands-on involvement in daily operations, drive project activities and propose practical solutions to enhance risk management practices.
The role also involves promoting our Information Security programs by working closely with IT, control functions, and relevant business units to ensure alignment and effectiveness.
Responsibilities
Lead the Third-Party Cyber Risk Management Unit in conducting effective information security risk assessments of third-party suppliers and partner agencies to safeguard the company’s and customer’s personal information and confidential data.
Oversee the progress of third parties in implementing identified risk remediation plans and ensure timely resolution.
Facilitate smooth communication with suppliers, agencies, and relevant internal stakeholders.
Promote cybersecurity awareness and knowledge among suppliers and agencies by collaborating with relevant internal stakeholders.
Maintain and update information security policies to meet evolving regulatory requirements and internal standards.
Coordinate incident response activities related to cyber incidents involving third parties, working closely with internal response teams.
Monitor regulatory changes and industry trends related to cybersecurity and personal information protection, and assess their implications to recommend appropriate measures.
Requirements
Minimum of 5 years of hands-on experience in Information Security or IT Audit.
Strong knowledge of IT infrastructure, cybersecurity, technology trends, and relevant regulations.
Proven ability to prepare accurate reports for diverse audiences, deliver effective presentations, and lead meetings.
Ability to communicate effectively with global counterparts across regions and time zones.
Demonstrated willingness to learn new IT technologies and achieve goals in Information Security.
Ability to travel domestically several times a year.
Ability to explain security concepts in clear and simple terms to stakeholders or agency staff who may not have extensive security knowledge.
Ability to persistently continue dialogue even in situations that may require difficult negotiations with stakeholders.
Ability to deliver smooth and effective presentations to internal employees and agency representatives.
Preferred Experience:
Experience in conducting information security audits or third‑party security assessments at an auditing firm, consulting firm, or business enterprise.
Experience in business application development or IT infrastructure hardening.
Experience working in a global or cross-regional team environment.
Interest in broader risk management domains including IT risk governance.
Hands-on experience with cloud security, data protection, and incident response.
Familiarity with regulatory and industry standards such as NIST CSF, PCI DSS, and FISC.
Possession of information security certifications such as CISSP, CISM, CISA or equivalent is a plus.
Language:
Fluency in Japanese (native level or equivalent) and intermediate proficiency in English (reading, writing, and speaking) are required. A strong willingness to improve English communication skills is essential.