Corporate Information Security Governance - Corporate Division [Rakuten Payment]

Job Description:

Our Service

As one of representative sector of Rakuten FinTech Group, we are developing payment services such as "Rakuten Pay", "Rakuten Point Card", "Rakuten Edy", "Rakuten Cash" and "Rakuten Check", as well as business centered on marketing.

Features and Strengths

- Rakuten Payment's payment services can be used at approximately 5 million online and offline locations, including supermarkets, convenience stores, and shopping malls nationwide, as well as at approximately 1 million locations where transportation e-money can be used, and the number of locations where it can be used is continuing to expand.

- With the strength of the market size of Rakuten Points, which has surpassed 2 trillion yen in total issuance, the introduction of Rakuten Point Cards in offline stores and other cashless settlement services developed by the Company is accelerating, in addition to service collaboration with Rakuten Group companies.

- As a pioneer in cashless settlement, the know-how acquired through the Rakuten Edy e-money business, which was launched about 20 years ago, has become a solid foundation to support other cashless settlement businesses that we are developing.

- Taking advantage of the size of the market and our know-how, we have introduced a series of advanced services to improve the convenience of settlement, such as the addition of Suica functionality to Rakuten Pay in cooperation with East Japan Railway Company, and the instant recharging of Rakuten Point cards to enable smooth settlement when the balance on the card is insufficient.

Background of Recruitment

Driven by the cashless consumer return program led by the Ministry of Economy, Trade and Industry (METI) and the Myna Point program led by the Ministry of Internal Affairs and Communications (MIC), the demand for cashless payments is expanding further and the number of users and merchants is exploding.

As companies seek to provide more attractive services by improving usability and offering new functions, there is a growing need to strengthen the security of the entire IT environment, covering a wide range of areas from risk assessment of the corporate-IT environment, requirements definition of security measures, solution implementation, and operation.

We are looking for a person who will be proactively responsible for strengthening and promoting information security management in collaboration with the sites that create innovative businesses and services.

Specific Job Description

- Formulate business plans and mid-term plans for information security management

- Problem management and planning for drastic measures

- Creation and implementation of security policies, guidelines and handbooks.

- Risk assessment and countermeasure planning for overall information security, including IT security, contractors, cloud services, data centers, physical security, and corporate mergers (post-merger integration). Alignment with corporate risk.

- Audit preparation (information asset inventory, risk assessment, etc.) and response to internal and external audits for the regular renewal of ISO/IEC27001 (ISMS) for Rakuten Group (Japan region).

- Planning and execution of security education by level and implementation of awareness-raising for employees

- Handling of information security incidents, analysis and thorough implementation of measures to prevent recurrence, periodic security incident training, targeted email training, etc.

Essential Requirements

- At least 3 years of working experience in the information security field (both vendor and in-house experience are welcome)

- Basic knowledge of IT, privacy and cyber security

- Basic knowledge of IT, privacy and cyber security

- Ability to be proactive in finding and solving problems

- Experience working cross-functionally in an organization of more than 1,000 people

- English proficiency of 800 or higher on TOEIC or the motivation to obtain an equivalent score within 2 years of joining the company.

Welcomed Requirements

- Information security related certifications (CISSP, CISA, CISM, ISMS Auditor, PCI DSS ISA)

- Experience in information security in fintech, finance, internet/web business domain

- Experience in conducting ISMS audit responses

- Knowledge of industry standards and best practices such as ISO27000 series, NIST, PCIDSS

- Experience in organizational management and leading projects

- Experience participating in English-based multi-national organizations and projects

- Experience working with external information security related organizations such as ISACA and Japan CSIRT Council

Languages:

English (Overall - 2 - Intermediate), Japanese (Overall - 4 - Fluent)