Information Security Senior Specialist job listing from recruitment agency JAC


Information Security Senior Specialist

  • No relocation
  • Two days off per week
  • Foreign-affiliated company



Company name: Undisclosed <Industry: Distribution - Mail order / E-commerce>



Employment type: Permanent employee (no fixed term)
Work location: Chiba Prefecture

The Senior Information Security Specialist for IT Audit is responsible for planning and conducting IT General Control (ITGC) operational effectiveness assessments, specifically following Payment Card Industry (PCI), Sarbanes-Oxley (SOX) and other compliance frameworks. The role audits information systems, platforms, and operating procedures in accordance with established corporate standards for efficiency, accuracy and security; evaluates IT infrastructure in terms of risk to the organization and establishes controls to mitigate loss; and determines and recommends improvements in current risk management controls and implementation of system changes or upgrades.

・ Reviewing and updating the IT audit universe that includes all types of compliance obligations, contractual requirements, and existing and potential risks.

・ Planning and reviewing the annual review of compliance requirements influencing operations and initiatives in information security, privacy, IT risk management, business continuity and disaster recovery, and related third parties.

・ Developing and revising procedures for the inclusion of changing risks into the plan.

・ Planning and reviewing annually the risks influencing the effectiveness of information security, privacy, and information security risk management.

・ Studying risk assessments conducted by the business owners and support functions to incorporate relevant tests in assessment plans.

・ Reviewing the IT audit risk assessments conducted by the internal audit team members.

・ Planning third-party audits in consultation with vendor management teams and business process owners.

・ Reviewing third-party attestation and audit reports, and providing feedback to business leaders and risk owners.

・ Reviewing raw data and work papers collated by the internal audit team.

・ Monitoring Information Security assessment best practices in the industry to determine opportunities for improvement, including tools and processes.

・ Responsible for the coordination and completion of all government, regulatory, and compliance documents for all business units in an organization.




・ Bachelor's or Master's degree in computer science or information technology, and study conducted in information security controls or equivalent work experience

・ 3-5 years performing IT Audits and Assessments

・ Must be able to run an audit engagement independently, with minimal supervision

・ Key business processes in Retail and E-Commerce.

・ Regulatory and industry compliance standards, frameworks, and guidance including PCI and SOX

・ ISACA ITAF: A Professional Practices Framework for IS Audit/Assurance, DSS, SOX, Data Protection Directive.

・ Industry certifications such as Certified Information Systems Auditor (CISA) and Certified Information Systems Security Professional (CISSP) a plus

・ Experience in writing and presenting technical reports in business language to different audiences, including different levels of IT and the business.

・ Ability to establish credibility and working relationships with a wide range of corporate personnel, including Audit, IT operations, IT management, executive and legal staff, as well as with external personnel, including external auditors and regulators.

・ Ability to maintain open communication channels with leadership, management, and peers

・ Proven leadership ability.

・ Under the guidance of a manager, able to set and manage priorities.

・ Exceptionally self-motivated, directed and detail-oriented traits.

・ Superior analytical, evaluative and problem-solving abilities.

・ Ability to motivate in a team-oriented, collaborative environment.

・ Experience in project management.

・ Ability to retain and improve team enthusiasm for better supporting the business's assurance requirements.

・ Travel for this role is minimal (< 10% travel annually).

Business Knowledge and Technical Experience

・ Demonstrated use of data analysis software, audit management software and continuous audit solutions.

・ Demonstrated understanding of data processing, hardware platforms, and enterprise software applications and outsourced systems.

・ General knowledge of business theory, business processes, management, budgeting and business office operations.

・ Ability to translate the company's vision, values, mission and objectives into drivers for designing the information security assessment/audit agenda.

・ Proven experience in writing audit reports for different audiences

・ Proven experience of working in technology environments, including audit

・ Experience in risk-based audits.


Annual salary: 6,000,000 yen - 8,000,000 yen