Senior Security Risk Technical Specialist

About Woven by ToyotaWoven by Toyota, a part of the Toyota Group, is challenging the current state of mobility through human-centric innovation and empowering mobility transformation. Through our AD/ADAS technology, our automotive software development platform Arene OS, our mobility test course Toyota Woven City, and Toyota’s growth fund, Woven Capital, we are pioneering the movement of people, goods, information, and energy, weaving a future of enhanced safety, connectivity and well-being for all.
=========================================================================
TEAMThe security team at Woven by Toyota is on the cutting edge of many challenging security problems.We identify emerging security threats in autonomous vehicles and help design more secure systems.We work closely with internal platform teams to provide a secure development environment through tooling and automation, allowing developers to innovate quickly without compromising security.
WHO ARE WE LOOKING FOR?We are looking for a Senior Security Risk Technical Specialist to lead information security risk management engagements such as technical risk assessments pertaining to Woven by Toyota's businesses and engineering work.
You will identify risks and vulnerabilities by working with diverse internal and external stakeholders of varied technical and business backgrounds. You will work with technical product teams on assessing any security risks and manage those risks through their lifecycle. You will be expected to work with both highly technical teams and senior management. 
While this is a risk assurance position, given the cutting edge nature of projects that we work on (IoT, autonomous driving, vehicle OS), we are seeking a candidate with strong technical insight.
Woven by Toyota Security demands high standards, so a passion and discipline around security and delivery is critical. A high level of ownership and accountability is a must. In this role, you will report to an engineering manager, in a hybrid capacity requiring your presence onsite three days per week.

RESPONSIBILITIES

• Lead/perform risk assessment engagements for products (IoT, autonomous driving, AI etc), enterprise, and related information systems or processes
• Manage technical, process and human related information security risks and ensure compliance for information security policies and regulatory requirements by conducting technical, procedural and operational review of business processes and system controls
• Communicate and escalate risk issues to the appropriate level and department from frontline teams to senior management 
• Evaluate technology and business-related controls for integrating business and information system security and risk mitigation efforts for products and enterprise. Coordinate and validate business risk justification documents for internal and external governance programs.
• Manage third party risk with both internal and external stakeholders

MINIMUM QUALIFICATIONS

• 6+ years experience in Information Security
• 3+ years technical security experience securing products incorporating emerging technologies like IoT, AI, Automotive operating systems
• 1+ year of experience within Information Risk Management, IT audit or Security Governance function
• 1+ year of experience with regulatory compliance and information security management frameworks (e.g. ISO27001/ISO27002, NIST CSF, CMMC)
• Experience in highly regulated industries, ideally with retail product exposure and impact
• Technical expertise in the security field and experience with security architecture and ability to challenge risk assessments on the technical side
• Experience with multiple risk assessment methods including threat modeling (STRIDE, etc.)
• High level of independence and autonomy in leading and performing engagements, including conducting interviews, with a complex set of corporate stakeholders
• Experience in IT auditing and technical assessments of networks, operating systems, cloud environments, etc.
• Excellent written and verbal communication skills and ability to adapt communication to the audience skillset and level of responsibilities

NICE TO HAVES

• Japanese language proficiency
• 5+ years of technical security experience out of the required 6+ years of Information Security experience
• 3+ years of experience within Information Risk Management, IT audit or Security Governance function
• 3+ years of experience with regulatory compliance and information security management frameworks (e.g. ISO27001/ISO27002, NIST CSF, CMMC)
• 1+ year of development and coding experience ideally in IoT, AI, automotive OS
• Experience with compliance especially security and privacy regulations
• Experience building enterprise governance, risk, and compliance programs
• Hands-on experience in configuring and working with GRC tools
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and/or Certified Information Systems Auditor (CISA)

=========================================================================Important Points・All interviews will be arranged via Google Meet, unless otherwise stated.・The same job descriptions are available in both English and Japanese; therefore, we kindly ask that you apply to only one version.・We kindly request that you submit your resume in English, if possible. However, Japanese resumes are also acceptable. Please note that, depending on the English proficiency requirements of the role, we may request an English version of your resume later in the process.
WHAT WE OFFER・Competitive Salary - Based on experience・Work Hours - Flexible working time・Paid Holiday - 20 days per year (prorated)・Sick Leave - 6 days per year (prorated)・Holiday - Sat & Sun, Japanese National Holidays, and other days defined by our company・Japanese Social Insurance - Health Insurance, Pension, Workers’ Comp, and Unemployment Insurance, Long-term care insurance・Housing Allowance・Retirement Benefits・Rental Cars Support・In-house Training Program (software study/language study)
Our Commitment・We are an equal opportunity employer and value diversity.・Any information we receive from you will be used only in the hiring and onboarding process. Please see our privacy notice for more details.