Description

　　Are you interested in driving exceptional security for customers? Do you see information security as a business enabler? Amazon’s Stores Security organization is seeking an experienced Security Compliance specialist. As part of the Amazon Stores Security Office of CISO Japan team, this role will build the bridges between security, technology, and compliance by working across remote and local teams within Amazon Security organization, healthcare business teams, and related Amazon corporate teams. This candidate should be an innovative security/compliance professional who has the ability to dive deep into a variety of complex issues, understand IT processes, and drive compliance assessment to existing and emerging Japan healthcare information security standards.

　　The ideal candidate will have strong leadership and problem-solving skills, excellent communication skill, and effectively work with cross-functional Amazon teams to support service build-up, service launch and on-going service operation activities.

　　Key job responsibilities

　　This position will be responsible for:

　　Establish credibility and maintain strong working relationships with groups involved with information security matters (Legal, Amazon Japan Business Entities, Product Management, Security Assurance, Amazon Healthcare compliance, Application Security, Third Party Security, etc.), supporting their security/compliance questions and documents.

　　Manage healthcare application compliance assessment. Manage the readiness efforts of services for Information Security Management System (ISMS) certification, 3 ministries’ 2 guidelines (3M2G) to handle medical information, medical cyber security checklists, and/or audit requirement in Japan, and determine scope for healthcare related compliance assessment activities.

　　Test services annually against laws, regulatory guidelines, and security standards. Perform written regulated service impact assessments relevant to healthcare business in both English and Japanese, and track corrective actions and re-test if necessary.

　　Assist stakeholders and Amazon Japan employees aligning with standard operating procedures, controls, monitoring, and reporting with the goal of improving operations, compliance policies, and risk management.

　　Provide on-going Security and Compliance consultation of business operation and incident management via requested tickets.

　　Support internal information security training development as well as managing engagement of Amazon Japan employees/officers taking external trainings required by regulators if any.

　　A day in the life

　　Engage with regional business and technical stakeholders to identify security needs, and maintain a good understanding of the Japan healthcare regulatory landscape impacting business

　　Determine strategy for highly sensitive and/or high-profile healthcare compliance assessments

　　Maintain metrics on security and compliance, prepare reports for senior management on the state of security in region, and continuously improve the compliance posture of the healthcare business by reducing the number of repetitive defect findings identified cycle over cycle

　　About the team

　　Regional Security Teams (RSTs) operate locally and stationed teams in complex regulatory environments like China and Japan to provide region-specific compliance support and first-line security functions where a dedicated security team does not already exist. Our foray into the latter is driven by our proximity and relationships with business and country leadership, language requirements, and regulatory expectations that are tied to the broader retail/marketplace domain.

　　We are open to hiring candidates to work out of one of the following locations:

　　Tokyo, 13, JPN

　　Basic Qualifications

　　• Bachelor's Degree in Computer Science, Engineering, Information Systems Management, Information Security or other related fields

　　• 3+ years of experience in project/program management, developing and maintaining stakeholder relationships across large organizations

　　• 3+ years of experience in security or compliance consulting or advisory work in support of a highly technical environment

　　• 3+ years of experience in performing and/or participating in technical assessments of complex IT architecture

　　• Experience with Governance, Risk, and Compliance tools and technology

　　• Hands-on experience working successfully in a very fast-paced, rapidly evolving, results-oriented environment

　　• Experience in working directly with auditors/regulators in support of compliance audits for ISO and other compliance regimes

　　• CISSP/CISA/CISM certification is a plus

　　• Fluency in both Japanese and English languages with sufficient writing skill

　　Preferred Qualifications

　　• 5+ years of experience as a technical program manager in security/software/web development organizations

　　• 5+ years of experience in performing and/or participating in technical assessments in direct support of a major compliance effort (PCI, SOC, ISO and other compliance regimes)

　　• 5+ years of experience in performing technical security assessments and audits of network, operating systems, application security, and auditing IT processes

　　• A record of delivery of large IT process improvement projects with technology processes and/or major tech companies

　　• Strong bias for action with ability to prioritize, multi-task, and meet deadlines

　　• CISSP/CISA/CISM certification preferred

　　• Meets/exceeds Amazon’s leadership principles requirements for this role

　　• Meets/exceeds Amazon’s functional/technical depth and complexity for this role

　　Please check the website below for measures to eliminate unwanted second-hand smoking in each facility:

　　https://www.amazon.jobs/en/landing_pages/passivesmoking

　　就業の場所における受動喫煙を防止するための措置に関する事項については、下記リンク先をご覧ください。

　　https://www.amazon.jobs/jp/landing_pages/passivesmoking

　　The salary information can be provided individually prior to the 1st interview

　　賃金に関する条件は、１次面接の前に個別にご案内することができます