Sr Manager, Japan Cloud Regulatory & Compliance
Location: Minato, Japan
Area of Interest: Security
Job Type: Professional
Technology Interest: None
Job Id: 1435466
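【Meet the Team】
Cisco's Trust & Compliance team secures the cybersecurity compliance and certifications required for Cisco's products to access markets around the world, while at the same time providing security assurance to customers. Our team understands customer needs regarding security, privacy, data protection, and customer data management, and works together with customers and with Cisco Sales, Engineering, Supply Chain, Government Affairs, and Legal to build industry-leading trust and transparency through security and compliance engineering.
【Your Role】
In this position, you will act as a leader who understands every aspect of performance that affects the internal and external compliance posture. You will work with team members to drive a variety of initiatives to improve the compliance and security posture. You are expected to draw on deep risk-based knowledge and decision-making ability to build processes that are sustainable over the long term.
The successful candidate in this role is expected to obtain and maintain ISMAP (Information system Security Management and Assessment Program) certification, gaining the Japanese government's cloud certification qualification, and to contribute to the continued development of the corporate group.
・Contribute under the guidance of the Cisco Global Cloud Compliance Strategy Leader and drive technology compliance activities for Cisco products.
・Focus in particular on ISMAP certification for the Japanese market.
・Liaise with external audit bodies and government agencies for ISMAP audit and certification, and work on other compliance projects as well.
・Perform information security assessments covering domains such as user access management, network, OS and application security, vulnerability management, encryption, SDLC, backup management, disaster recovery, physical security, and training and awareness.
・Prepare reports summarizing compliance objectives and key findings, and work with teams to remediate important findings.
・Own the liaison with external auditors and customers, and provide assurance regarding Cisco's GCC program.
・Support compliance testing as needed, identify internal control issues, define them clearly, and determine their root causes.
・Develop, automate, and maintain audit/compliance tasks in GRC and other related tools.
・Build and maintain dashboards that provide a complete picture of the organization's compliance posture.
・Collaborate and coordinate activities with the geographically distributed GCC team.
【Minimum Qualifications】
・Bachelor's or master's degree in Information Technology, Computer Science, or a related field, with a minimum of 5 to 8 years of cybersecurity-related regulatory compliance experience.
・Knowledge of the ISMAP compliance framework is required; knowledge of others such as IRAP, SOC 2, ISO, PCI, and FedRAMP is desirable.
・Fluent in Japanese, with business-level English proficiency.
・Hands-on experience with AWS, Azure, and GCP environments.
・Excellent interpersonal, verbal, and written communication skills. It is important to be a team player with strong organizational and planning skills.
【Preferred Qualifications】
・Knowledge of common IT systems (operating systems, network devices, applications), SDLC, identity and access management, vulnerability management, and backup and disaster recovery processes is beneficial.
・Ability to connect and communicate with both business and IT technical staff.
・Ability to multitask, stay focused, and approach problems analytically.
・Experience designing and maintaining websites and SharePoint sites is a plus.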
Job posting may be removed earlier if the position is filled or if a sufficient number of applications are received.
Meet the Team
Cisco’s Trust and Compliance team is responsible for ensuring Cisco’s portfolio meets the cybersecurity compliance and certifications required to access markets around the world while simultaneously providing security assurances to our customers. Our team plays a leading role in understanding customer needs for security, privacy, data protection, and customer data management; informing, supporting, and collaborating with customers, Cisco Sales, Engineering, Supply Chain, Government Affairs and Legal; and building industry leading trust and transparency through security and compliance engineering.
Your Impact
You will be a leader who understands all aspects of performance that impact both internal and external compliance posture. You will work with other team members to drive the initiatives necessary to improve it. The role requires in-depth knowledge and risk-based decision-making skills to build long-term, sustainable process paths that improve our compliance and security posture.
The successful candidate will be expected to obtain and maintain ISMAP (Information system Security Management and Assessment Program) certification, the Japanese government's Cloud certification qualification, and contribute to the continued development of the corporate group.
- Contribute under the supervision and mentorship of the Cisco Global Cloud Compliance Strategy Leader and drive technology compliance activities across Cisco product offerings.
- This position is specifically focused on ISMAP certification for the Japanese market.
- Liaise with external auditors and, wherever applicable, government agencies for ISMAP audit and certification of Cisco products. The candidate will also work on other compliance projects.
- Perform Information Security related assessments to cover domains like User Access management, Network, OS & Application Security, Vulnerability Management, Encryption, SDLC, Backup Management, Disaster Recovery, Physical Security, Training & Awareness etc.
- Draft compliance reports that summarize the compliance objectives and key findings, and work with teams to remediate key findings.
- Own the liaison with external auditors and customers to help them gain comfort with regard to Cisco's GCC program.
- Assist in compliance testing as and when required. Identify internal control issues, and ensure they are well defined and their root causes are identified.
- Develop, automate, and maintain audit/compliance tasks in GRC as well as other related tools.
- Build and maintain compliance dashboards to provide a holistic view of the compliance posture of the organization.
- Collaborate and coordinate activities with the GCC team based across geographies.
Minimum Qualifications:
· Bachelor's or master's degree with a focus in Information Technology, Computer Science, or a related field, with a minimum of 5-8 years of related cybersecurity regulatory compliance experience.
· Knowledge of the ISMAP compliance framework is a must; others such as IRAP, SOC 2, ISO, PCI, and FedRAMP are good to have.
· Language proficiency: fluent in Japanese and business professional proficiency in English.
· Hands-on experience with AWS, Azure, and GCP environments.
· Good interpersonal, verbal and written communication skills. It is important that the candidate is a team-player and possesses strong organizational and planning skills.
Preferred Qualifications:
· Knowledge of common IT systems (operating systems, network devices, applications) and core IT processes and services such as SDLC, identity and access management, vulnerability management, and backup and DR processes will be useful.
· Ability to connect and communicate with both business and IT technical staff, including IT and business management.
· Ability to multitask, stay focused, and tackle problems analytically.
· Experience designing and maintaining websites, SharePoint sites, etc. is a plus.
#WeAreCisco where every individual brings their unique skills and perspectives together to pursue our purpose of powering an inclusive future for all.
Our passion is connection—we celebrate our employees’ diverse set of backgrounds and focus on unlocking potential. Cisconians often experience one company, many careers where learning and development are encouraged and supported at every stage. Our technology, tools, and culture pioneered hybrid work trends, allowing all to not only give their best, but be their best.
We understand our outstanding opportunity to bring communities together and at the heart of that is our people. One-third of Cisconians collaborate in our 30 employee resource organizations, called Inclusive Communities, to connect, foster belonging, learn to be informed allies, and make a difference. Dedicated paid time off to volunteer—80 hours each year—allows us to give back to causes we are passionate about, and nearly 86% do!
Our purpose, driven by our people, is what makes us the worldwide leader in technology that powers the internet. Helping our customers reimagine their applications, secure their enterprise, transform their infrastructure, and meet their sustainability goals is what we do best. We ensure that every step we take is a step towards a more inclusive future for all. Take your next step and be you, with us!
When available, the salary range posted for this position reflects the projected hiring range for new hire, full-time salaries in U.S. and/or Canada locations, not including equity or benefits. For non-sales roles the hiring ranges reflect base salary only; employees are also eligible to receive annual bonuses. Hiring ranges for sales positions include base and incentive compensation target. Individual pay is determined by the candidate's hiring location and additional factors, including but not limited to skillset, experience, and relevant education, certifications, or training. Applicants may not be eligible for the full salary range based on their U.S. or Canada hiring location. The recruiter can share more details about compensation for the role in your location during the hiring process.
U.S. employees have access to quality medical, dental and vision insurance, a 401(k) plan with a Cisco matching contribution, short and long-term disability coverage, basic life insurance and numerous wellbeing offerings.
Employees receive up to twelve paid holidays per calendar year, which includes one floating holiday (for non-exempt employees), plus a day off for their birthday. Non-Exempt new hires accrue up to 16 days of vacation time off each year, at a rate of 4.92 hours per pay period. Exempt new hires participate in Cisco’s flexible Vacation Time Off policy, which does not place a defined limit on how much vacation time eligible employees may use, but is subject to availability and some business limitations. All new hires are eligible for Sick Time Off subject to Cisco’s Sick Time Off Policy and will have eighty (80) hours of sick time off provided on their hire date and on January 1st of each year thereafter. Up to 80 hours of unused sick time will be carried forward from one calendar year to the next such that the maximum number of sick time hours an employee may have available is 160 hours. Employees in Illinois have a unique time off program designed specifically with local requirements in mind. All employees also have access to paid time away to deal with critical or emergency issues. We offer additional paid time to volunteer and give back to the community.
Employees on sales plans earn performance-based incentive pay on top of their base salary, which is split between quota and non-quota components. For quota-based incentive pay, Cisco typically pays as follows:
.75% of incentive target for each 1% of revenue attainment up to 50% of quota;
1.5% of incentive target for each 1% of attainment between 50% and 75%;
1% of incentive target for each 1% of attainment between 75% and 100%; and once performance exceeds 100% attainment, incentive rates are at or above 1% for each 1% of attainment with no cap on incentive compensation.
For non-quota-based sales performance elements such as strategic sales objectives, Cisco may pay up to 125% of target. Cisco sales plans do not have a minimum threshold of performance for sales incentive compensation to be paid.