INFORMATION SECURITY RISK MANAGER

• Conduct regular risk assessments for D&IT systems, applications, networks, and third-party vendors.
• Identify potential cybersecurity threats, vulnerabilities, and areas of non-compliance.
• Evaluate emerging IT and cyber risks based on technological advancements and threat intelligence.

• Develop and implement risk mitigation strategies to address identified risks.
• Recommend and design controls to safeguard IT infrastructure and sensitive information.
• Collaborate with Digital &IT, security, and business teams to ensure controls are integrated into processes.

• Establish key risk indicators (KRIs) and key performance indicators (KPIs) to monitor IT and cyber risks.
• Prepare detailed risk reports and dashboards for senior leadership and relevant stakeholders.
• Escalate critical risks and incidents promptly to appropriate parties.

• Ensure compliance with industry standards (e.g., ISO 27001, NIST,) and regulatory requirements (e.g., GDPR).
• Maintain and improve the D&IT and cybersecurity risk management framework.
• Conduct audits and facilitate external assessments to verify compliance with risk and security standards.

• Contribute to the development and testing of incident response plans and business continuity strategies.
• Support investigations and root-cause analysis of security incidents and breaches.

• Bachelor's or Master's degree in Cybersecurity, Information Technology, or a related field.
• Relevant certifications such as CISSP, CISM, or CRISC.
• Knowledge of relevant compliance standards and regulations.

• 8+ years of experience in IT risk management, cybersecurity, or a related role.
• Hands-on work experience in information security, and risk management including risk reporting.
• Proficiency in IT security tools and software, understanding of network protocols, experience with security frameworks (e.g., NIST, COBIT), Knowledge of cloud security and cloud computing.
• In-depth knowledge of information security principles, practices, and technologies.
• Strong understanding of risk management methodologies and frameworks.
• Experience with security assessments, vulnerability management, and risk analysis.

• Strong analytical and problem-solving skills.
• Excellent communication and interpersonal skills for effectively collaborating with cross-functional teams and communicating security concepts to non-technical stakeholders.

Japan Tobacco International