ABOUT WOVEN PLANET GROUP
Woven Planet Group (Woven Planet) represents a carefully curated blend of expertise and resources dedicated to bringing the vision of “Mobility to Love, Safety to Live” to life. Through innovations and investments in automated driving, robotics, smart cities, and more, we are transforming how humankind lives, works, and moves. We exist to design, build, and deliver secure, connected, and sustainable mobility solutions that benefit all people worldwide. Founded in 2018 as Toyota Research Institute – Advanced Development (TRI-AD), Woven Planet is composed of four complementary companies: Woven Planet Holdings, Woven Core, Woven Alpha, and Woven Capital.
Visit us to learn more: https://www.woven-planet.global/
The security assurance team at Woven Planet is responsible for managing security risks. We are on the cutting edge of many challenging security problems. We identify emerging security threats in autonomous vehicles and help design more secure systems. We work closely with internal platform teams to provide a secure development environment through tooling and automation, allowing developers to innovate quickly without compromising security.
WHO ARE WE LOOKING FOR?
Do you have experience handling enterprise security risks end-to-end, identifying gaps in compliance, and building information security policies?
We are looking for experienced information security risk specialists who are passionate about compliance, governance, and risk management to ensure Woven Planet has an appropriate level of risk and remains compliant with applicable regulations.
The successful candidate is one with extensive experience in working with various security/privacy/data standards and regulations such as NIST Cybersecurity Framework and ISO 27001 to identify and surface risks quickly, and drive remediation across Woven Planet. Proficiency in regulations/standards to manage information security risks such as NIST Risk Management Framework (RMF) is also required. In addition, a good understanding of privacy laws and regulations such as GDPR, CCPA/CPRA and APPI is a big plus.
Woven Planet Security demands high standards, so a passion and discipline around security and delivery is critical. A high level of ownership and accountability is a must.
Conduct information security risk assessments for Woven Planet businesses
Operate the third party security risk management process
Coordinate assessments against key regulatory and framework guidance for cloud cybersecurity controls
Operate an internal data governance program and associated privacy risk assessments
Execute security audit programs to identify gaps in controls and processes and drive remediation efforts
Work closely with the security team members, other security leaders as well as Woven Planet leadership to create and maintain information security standards that are concise, actionable, and easy to understand for our customers.
Maintain Information Security program documents that describe the function.
Maintain compliance programs to ISO 27001 & 21434, NIST CSF, APPI/CCPA/GDPR.
5+ years of hands-on technical experience as a security engineer or software engineer
3+ years of experience within an Information Risk Management, IT audit or Security Governance function
Excellent written and verbal communication skills
Deep insight into common threat actor methodologies, OWASP Top 10 vulnerabilities as well as MITRE ATT&CK.
Experience in IT auditing and technical assessments of networks, operating systems, cloud environments
Hands-on experience configuring GRC tools
Experience with agile and good knowledge of DevOps, and how they impact risk management and compliance
Proven record of building and implementing NIST CSF/RMF
Experience building enterprise governance, risk, and compliance programs
Proven record of meeting PIPL such as APPI, CCPA, GDPR security and privacy requirements
Hands-on experience in compliance automation
Hands-on experience with AWS
Hands-on experience with vulnerability scanning and penetration testing
If you are currently located outside of Japan, don’t worry; we’ll set up an interview over Google Hangout Meet or Skype.
WHAT WE OFFER
・Competitive Salary – Based on skills and experience
・Work Hours – Flexible working time with NO core-hours
・Paid Holiday – 20 days per year (prorated)
・Sick Leave – 6 days per year (prorated)
・Holiday – Sat & Sun, Japanese National Holidays, and other days defined by the company
・Japanese Social Security – all applicable (Health Insurance, Pension, Workers’ Comp, and Unemployment Insurance, Long-term care insurance)
・In-house Training Program (software study/language study)
By submitting your application you agree to the following terms:
・We are an equal opportunity employer and value diversity.
・We pledge that any information we receive from candidates will be used ONLY for the purpose of hiring assessment.