Senior GRC Manager, Security Architecture & Compliance Section (RMI Security Eng. & Ops Dep)

Rakuten Crimson House, Japan


Job Description:

About Organization

The Security Architecture & Compliance Section focuses on information security governance and compliance. Within it, the Governance, Standards, Compliance & Risk Section handles overall governance and compliance related to information security.

We are seeking a highly accomplished and strategic Senior Manager / Manager to lead our Governance, Risk Management, and Compliance function. The ideal candidate will possess extensive experience in building, managing, and maturing GRC programs, with deep expertise across various domains and a proven track record of leading teams. This leadership role is responsible for defining and executing the organization's GRC strategy, ensuring alignment with business objectives and the complex Japanese regulatory landscape, and providing critical reporting to executive leadership and the board.

Job duties

  • Lead, mentor, and develop a team of GRC professionals, fostering a culture of excellence, collaboration, and continuous improvement.

  • Define, implement, and continuously mature the organization's overall GRC strategy, policies, standards, and procedures, ensuring alignment with strategic goals and risk tolerance.

  • Serve as the primary point of contact for GRC matters, reporting directly to executive management and the board of directors on the state of governance, key risks, and compliance posture.

  • Oversee and direct enterprise-wide risk management activities, including the establishment of risk assessment methodologies, identification of key risks (strategic, operational, financial, cybersecurity, regulatory), analysis, and monitoring processes.

  • Establish and maintain a robust compliance program, ensuring adherence to all applicable Japanese laws and regulations (e.g., Secrecy of Communication, APPI cybersecurity regulations, telecom-specific requirements) and international standards as required.

  • Direct the design, implementation, and evaluation of internal controls across the organization, collaborating closely with internal audit, IT, and business units.

  • Lead the selection, implementation, and optimization of GRC technology solutions to automate processes, improve efficiency, and enhance reporting capabilities.

  • Develop and manage the GRC function's budget and resources effectively.

  • Oversee regulatory monitoring processes, ensuring the organization is proactive in understanding and responding to changes in the legal and regulatory environment.

  • Champion and drive a strong GRC and risk-aware culture throughout the organization through effective communication, training programs, and engagement with stakeholders at all levels, including senior leadership.

  • Manage relationships with external auditors, regulators, and legal counsel related to GRC matters.

  • Direct the preparation of high-quality, insightful reports and presentations for executive management and the board on GRC program status, key risks, compliance performance, and strategic initiatives.

  • Stay abreast of emerging GRC trends, threats, and best practices, particularly those impacting organizations in Japan.

Minimum Qualification

  • Bachelor's degree in Information Technology, Law, Finance or a related field. An advanced degree (Master's or higher) in a relevant discipline (e.g., MBA, Cybersecurity) is highly preferred.

  • Multiple relevant professional certifications such as CISA, CISM, CRISC, CISSP, CGEIT, or others demonstrating expertise in GRC leadership and domains are good to have.

  • 10-12 years of progressive experience in Governance, Risk Management, and Compliance roles, with a significant portion in a leadership or management capacity responsible for teams and/or significant program components.

  • Proven experience leading and managing teams of GRC professionals, including hiring, performance management, and development.

  • Extensive experience in designing, implementing, and managing enterprise-level GRC programs.

  • Deep and broad understanding across multiple GRC domains (e.g., security risk management, compliance management, policy management, third-party risk, business continuity, information security governance).

  • Comprehensive knowledge and practical experience with the Japanese regulatory environment, including financial regulations, data protection laws (APPI), corporate governance codes, and cybersecurity legal requirements.

  • Experience reporting to and advising executive management and boards on complex GRC matters.

  • Strong experience with GRC technology platforms; experience with specific leading GRC tools is a significant advantage.

  • Exceptional strategic thinking, leadership, and influencing skills.

  • Excellent verbal and written communication, presentation, and interpersonal skills, with the ability to effectively communicate complex technical and regulatory information to diverse audiences, including non-technical executives.

  • Demonstrated ability to manage multiple priorities, projects, and stakeholders in a fast-paced environment.

Languages:

English (Overall - 3 - Advanced), Japanese (Overall - 1 - Beginner)


Tags: CISA CISM CISSP Compliance CRISC Finance Governance Monitoring Risk assessment Risk management Strategy

Perks/benefits: Career development Team events

Region: Asia/Pacific
Country: Japan
