Japan - Information Security Manager
Context:
Are you interested in spearheading cybersecurity excellence in a growth and diverse region? Chubb is seeking a seasoned Information Security Manager to lead our information security initiatives across Japan. This is a unique opportunity to make a significant impact by shaping the local security culture and enabling businesses to thrive securely.
As Information Security Manager, you will be responsible for safeguarding Chubb’s operations by leading the country’s cybersecurity mandate, fostering a strong security culture, and ensuring compliance with security standards. This role requires strong relationship management and influencing skill, as well as in-depth security knowledge and understanding of the Japanese cyber regulatory landscape. The incumbent will be a senior member of the APAC RISO Information Security team, part of Global Information Security (GIS). The ability to drive and support the GIS agenda consistently across a growing business and diverse working culture is critical success criteria for the role.
Role requirements:
Role requirementsDetailsLeadership
- Provide the security leadership across Japan by deploying the global information security program and influencing IT and business executives whilst ensuring the local regulatory and business requirements are met.
- Represent the Group CISO function as the Japan country Information Security leader.
- Operate as the local subject matter expert & Leader
Technical / Assessment
- Regularly assess and evaluate local country risk & control position against the KPI’s and information security risk management framework.
- Support Japan regulatory assessment activities in relation to RISO & GIS domains, ensure partnership, visibility, and engagement to regional CRA, and global security GRC leadership.
- Provide guidance and technical security advisory on local projects, become the local subject matter expert for Chubb group security expectations to local stakeholders. Ensure security issues are appropriately escalated to relevant Regional and Global stakeholder where they relate to delivery priorities for Chubb Japan.
RISO Transformation & Change
- Lead the security uplift of Japan's legacy application estate. Drive local adoption of Chubb security processes, policy, and standards.
- Support GIS and RISO portfolio delivery into Japan with local oversight and escalation to ensure that GIS objectives, transformation targets are effectively (and consistently) rolled out locally.
- Ability to build plans and oversee local improvement and transformation aligning to Chubb’s GIS program and RISO functional objectives.
- Able to influence local Chubb Japan Technology, Operations, and business units to support, execute and prioritize RISO and GIS priorities.
Reporting and Governance
- Provide regular country reporting on information security Key Performance Indicators (KPI) to the Japan, Regional, and Security leadership.
- Support Local Board and senior management reporting and awareness on Cyber.
- Build accurate inventory / registry of Japan security issues and exceptions, ensuring local disclosure and identification of security derogations.
- Track and regularly review Japan security issues, and exceptions with owners and local management, as well as regional and group security management.
- Monitor Third-Party Cyber Risk Management risks and support local management escalation discussions where necessary.
Communication & Stakeholders
- Build an effective relationship, partnering and supporting the Japan CIO, and other local Japan Leaders on Information Security matters.
- Identify and engage with key business contacts and stakeholders to raise awareness of the security threats to CHUBB and to ensure adequate coverage for business’ information security program.
- Attend Regional InfoSec Leadership and Global Team meetings providing local insight on Japan specific issues, challenges, and status.
- Regularly partner and collaborate with Regional Technical Security team, Cyber Risk & Assurance and Security Architectural teams on security issues, assessments, and reporting matters.
- Managing and supporting Japan local stakeholders through strong in office presence, face to face stakeholder engagement and presence.
- Engagement with GIS functional towers and teams based in US, and APAC RISO organization to support alignment and maturing GIS processes in Japan, as well as Security service coverage.
Cyber Incident response oversight
- Oversee, support and report on Far East (Japan) information security incidents in collaboration with Global Security Operations and the Privacy function, and the regional Information Security Incident Management team.
Security training & Awareness
- Plan, support security awareness and training activities within Japan driving risk culture changes, improvement of security behaviours.
Experience:
- Experience leading Japan country information security requirements within a global FI, responsible for a breadth of security services. Hands on practical cyber acumen across technical security domains.
- Professional certifications such as CISSP, CISM, or equivalent (preferred).
- Strong knowledge of industry standards and frameworks (e.g., ISO 27001, NIST CSF, ISF SoGP).
- Familiarity with Japanese regulatory standards and activity around Information Security (Japan FSA), covering data usage and protection, and technical specifications.
- Demonstrated expertise in Incident Response and Incident Management.
- Communication skills including the ability to develop and provide effective presentations to various audiences, including non-technical resources.
- Experience working in an agile work style, Secure Dev Ops, Security in Software Security Delivery preferred.
- Good understanding of cloud services and cloud development techniques, as well as cloud security.
- Experience with Data Leakage prevention and protection (DLP) control design and process alignment within corporate structures.
- Cyber transformation, project, and program planning experience for security control uplift, implementation, and improvement.
Knowledge, Skills, and Abilities:
- Strong organizational, analytical and customer service skills.
- Japanese & English bilingual key requirement. Ability to work and partner with Japan stakeholders in Japanese, and regional and global stakeholders in English is a must have.
- Ability to work effectively in a team/matrixed environment.
- Effectively communicate risks and issues to various levels of the business and IT leadership.
- Ability to work onsite regularly to ensure management of key stakeholder relationships.