Job Overview

As a Senior Analyst (Compliance Program Manager for Japan) you will play a pivotal role in scaling the organization by supporting the Global Federal Public Sector Compliance program. Operating as a key member of the Global Information Security (GIS) team you will ensure adherence to international and regional regulatory frameworks specifically managing cloud certifications such as Japans ISMAP alongside other regional standards. You will collaborate with business stakeholders to drive Global Federal GRC activities administer GRC solutions and assist in the management of the Information Security Management System (ISMS). This position is critical to achieving our compliance objectives and maturing our controls and overall Information Security program.

Job Responsibilities:

• Prepare and lead Netskope to obtain and maintain Information system Security Management and Assessment Program (ISMAP) government certification/registration for the Japanese Market including maintaining ongoing compliance for the InfoSec Registered Assessors Program (IRAP) for the Japan Market.
• Coordinate and support the audit of the Netskope cloud platform with relation to the above certifications leading evidence gathering and validation and meeting with both internal and external stakeholders as needed.
• Analyze evidence collected and determine whether evidence meets program requirements.
• Educate internal stakeholders on program control requirements translating control requirements into business requirements.
• Perform the role as the primary in-country contact and liaison with Japan Independent Administrative Agency Information-technology Promotion Agency (IPA) on all matters related to the ISMAP registration and ongoing compliance
• Build and maintain healthy business relationships with external auditors and have the conviction to respectfully challenge control interpretations and be able to speak confidently to compensating controls where warranted.
• Assemble submit and maintain program packages including the application (Declaration Document) control responses audit attestation and report
• Where required properly scope and select compliance program control objectives to align with the functionality of the Netskope platform and features provided as a part of the compliance program packages.
• Develop and maintain all program Control Mappings reviewing control description and related policy documents and identifying and remediating any gaps between control description and program control criteria.
• Ensure Netskope Policies and Procedures and ISO 27001 Information Security Management System (ISMS) Manual align with program criteria requirements including but not limited to ISMS Plan Policies and Procedures.
• Work closely with internal stake holder and control owner teams (Engineering Support HR etc) to ensure all the Security and Compliance controls are operating effectively to sufficiently address the underlying risk of the security and compliance requirements of the framework.
• Proactively maintain awareness of emerging regional trends and changes to Industry Standards and benchmarks in the APAC region.
• Assist in recommending alternative approaches for risk mitigation
• Develop and maintain mandatory documentation (i.e. ISMAP and IRAP program packages and supporting documents) in support of audits and customer compliance needs
• Manage and complete customer risk assessments including audits and evidence collection from relevant stakeholders
• Monitor control effectiveness and escalate where issues are identified
• Contribute and co-manages KPI programs including monitoring and metrics
• Ensure program audit findings and improvement areas are managed tracked and remediated in a timely manner and communicate risk to Netskope management.
• Collaborate with Internal Audit and other assessors on technical audits
• General knowledge of cyber security and cloud technologies to secure an organization.
• General knowledge of risk management and how to use risk management in a security program.

Qualifications:

• A minimum of five (5) years experience in Information Security and/or Technology related cybersecurity regulatory compliance experience
• College Degree or equivalent in experience.
• Prefer candidates with technical and IT security certifications such as CISSP CISM CISA or equivalent.
• Knowledge of compliance frameworks such as ISMAP IRAP SOC 2 ISO 27001 NIST PCI etc.
• Language Proficiency: Fluent in reading and writing Japanese and English.
• Knowledge of common IT systems (Operating Systems network devices applications) Core IT processes/services such as SDLC Identity and Access Management Vulnerability Management Backup and DR processes will be useful
• Experience with AWS Azure & GCP environments is a plus.
• Good interpersonal verbal and written communication skills. It is important that the candidate is a team player and possesses strong organizational and planning skill
• Ability to connect and communicate with both business and IT technical staff including IT and Business management.

Required Skills & Experience:

• Highly analytical with the ability to present analysis.
• Excellent written and verbal communication.
• Experience in performing risk assessments describing compensating controls and prioritizing control implementation based on risk.
• Experience in maintaining metrics and measures.
• Experience in supporting customer audits
• General understanding of cloud technologies
• General understanding of meeting multiple federal and industry compliance frameworks such as PBMM CSA STAR HIPAA PCI-DSS etc.

Preferred Skills:

• Knowledge and experience in managing GRC tools.
• Experience with vulnerability management tools and vulnerability risk analysis
• Ability to be an active member of a team
• Ability to communicate effectively (written and verbal)
• Self-motivated to work on tasks independently within the team
• Ability to educate other members of the on existing processes and technologies
• Self starter and quick learner

GL-1