Risk Specialist – Information Security Risk

Woven Planet

  • Full Time

ABOUT WOVEN PLANET GROUP
Woven Planet Group (Woven Planet) represents a carefully curated blend of expertise and resources dedicated to bringing the vision of “Mobility to Love, Safety to Live” to life. Through innovations and investments in automated driving, robotics, smart cities, and more, we are transforming how humankind lives, works, and moves. We exist to design, build, and deliver secure, connected, and sustainable mobility solutions that benefit all people worldwide. Founded in 2018 as Toyota Research Institute – Advanced Development (TRI-AD), Woven Planet is composed of four complementary companies: Woven Planet Holdings, Woven Core, Woven Alpha, and Woven Capital.

Visit us to learn more: https://www.woven-planet.global/

TEAM
The security assurance team at Woven Planet is responsible for managing security risks and works on the cutting edge of many challenging security problems. We identify emerging security threats in autonomous vehicles and help design more secure systems. We work closely with internal platform teams to provide a secure development environment through tooling and automation, allowing developers to innovate quickly without compromising security.

WHO ARE WE LOOKING FOR?
Do you have experience handling enterprise security risks end-to-end, identifying gaps in compliance, and building information security policies?
 
We are looking for experienced information security risk specialists who are passionate about compliance, governance, and risk management to ensure Woven Planet has an appropriate level of risk and remains compliant with applicable regulations.
 
The successful candidate is one with extensive experience in working with various security/privacy/data standards and regulations such as NIST Cybersecurity Framework and ISO27001 to identify and surface risks quickly, and drive remediation across Woven Planet. Proficiency in regulations/standards to manage information security risks such as NIST Risk Management Framework (RMF) is also required. In addition, a good understanding of privacy laws and regulations such as GDPR, CCPA/CPRA and APPI is a big plus.
 
Woven Planet Security demands high standards, so a passion and discipline around security and delivery is critical. A high level of ownership and accountability is a must.

 

RESPONSIBILITIES

  • Conduct information security risk assessments for Woven Planet businesses
  • Operate the third party security risk management process
  • Coordinate assessments against key regulatory and framework guidance for cloud cybersecurity controls
  • Operate an internal data governance program and associated privacy risk assessments
  • Execute security audit programs to identify gaps in controls and processes and drive remediation efforts
  • Work closely with the security team members, other security leaders as well as Woven Planet leadership to create and maintain information security standards that are concise, actionable, and easy to understand for our customers.
  • Maintain Information Security program documents that describe the function.
  • Maintain compliance programs to ISO 27001 & 21434, NIST CSF, APPI/CCPA/GDPR.
  • Have fun!

MINIMUM QUALIFICATIONS

  • 5+ years of hands-on technical experience as a security engineer or software engineer
  • 3+ years of experience within Information Risk Management, IT audit or Security Governance function
  • Excellent written and verbal communication skills 
  • Deep insight into common threat actor methodologies, OWASP Top 10 vulnerabilities as well as MITRE ATT&CK.
  • Experience in IT auditing and technical assessments of networks, operating systems, cloud environments
  • Hands-on experience configuring GRC tools
  • Experience with agile and good knowledge of DevOps, and how they impact risk management and compliance
  • Proven record of building and implementing NIST CSF/RMF

PREFERRED QUALIFICATIONS

  • Experience building enterprise governance, risk, and compliance programs
  • Proven record of meeting PIPL such as APPI, CCPA, GDPR security and privacy requirements
  • Hands-on experience in compliance automation
  • Hands-on experience with AWS
  • Hands-on experience with vulnerability scanning and penetration testing

If you are currently located outside of Japan, don’t worry, we’ll set up an interview over Google Hangout Meet or Skype.

WHAT WE OFFER
・Competitive Salary – Based on skills and experience
・Work Hours – Flexible working time with NO core-hours
・Paid Holiday – 20 days per year (prorated)
・Sick Leave – 6 days per year (prorated)
・Holiday – Sat & Sun, Japanese National Holidays, and other days defined by the company
・Japanese Social Security – all applicable (Health Insurance, Pension, Workers’ Comp, and Unemployment Insurance, Long-term care insurance)
・In-house Training Program (software study/language study)

By submitting your application you agree to the following terms:
[OUR COMMITMENT]
・We are an equal opportunity employer and value diversity.
・We pledge that any information we receive from candidates will be used ONLY for the purpose of hiring assessment.