IT（PM・SE） - 社内SE（アプリケーション）
IT（PM・SE） - 社内SE（インフラ）

<COMPANY DESCRIPTION>
Santenは、眼科医療に特化した130年の歴史を持つ製薬企業です。日本発のグローバル企業として60カ国以上に拠点を持ち、目の健康のために様々な革新的な治療法とデジタルソリューションを提供し、世界中の人々の視覚に関わる社会問題に取り組んでいます。

<JOB DESCRIPTION>
■Job’s mission
Under the direct supervision and guidance of the Cybersecurity Manager (as the direct report, 70%) and Global Head of Information Security (as the dotted line report, 30%), the job holder is part of the Global Information Security Function (Digital & IT Division), responsible for execution of Global Cyber Defense Strategy, implementation of technical solutions to defend Santen from cyberattacks, running risk assessments of all new global solutions, managing the risk and vulnerability management process (both Information Systems and Industrial Control Systems), developing and maintaining the organization's security architecture, which is in line with security regulations, standards and best practices, managing the SOC (Security Operations Center) partner in order to ensure that information assets are adequately protected and compliant as well as maximize the benefit of information systems for Santen’s global businesses.

■Number of direct subordinates
No direct subordinates as of the recruitment date however there will be several Digital & IT members and external consultants whose activities need to be coordinated by this role within the framework of cybersecurity projects or processes.

Key Responsibilities & Accountabilities

■Cybersecurity Defense & Management
-According to the company’s long-term vision, execute the cybersecurity strategies by collaborating with cross-functional teams to design and implement secure infrastructure and application solutions
-Understand expectations of the company with regard to continuous growth, establish concrete goals, and create mid-term strategies to achieve goals
-Drive the Global Cyber Defense Strategy, maintain ready forces and capabilities to conduct cybersecurity operations (Santen’s Global SOC is based in Finland)
-Anticipate future internal and external trends and implications and create appropriate cybersecurity measures
-Build understanding of cyber threats in each level. Develop detection & protection measures continuously, lead the technical solution implementations to be prepared to defend Santen from disruptive or destructive cyberattacks

■Technical Risk Management
-Improve Santen’s cybersecurity maturity level by increasing overall awareness and providing security advice/insights on technical requirements both to technical and non-technical leaders (Information Systems and Industrial Control Systems global leaders)
-Act as Security Architect in global program & project implementations, planning the delivery of risk mitigation solutions and answering technical questions, reviewing current security measures, recommending enhancements, and identifying areas of security weakness
-Perform technical risk assessments (IT & OT) of all new global solutions and third parties, identify potential gaps and make sound recommendations for mitigating the risks on a global scale
-Perform ongoing security maturity level assessments (Application Advisory Board Reviews and Critical 3rd Party Assessments such as; SOC Vendor, Infra Support Vendors) to evaluate the effectiveness of security controls and explain the effectiveness to project teams, business stakeholders and senior management
-Implement the Internal Cybersecurity Framework to support the state-of-art technologies and Santen regulatory and organizational requirements (ISO 27001, NIST, Data Privacy Laws)

■Business Continuity & Disaster Recovery Management
-Support the Disaster Recovery and Business Continuity framework, related initiatives and execution
-Verify and continuously improve the Recovery Process performed during or after an security incident to ensure that it meets business requirements and is effective and practical

■Security Incident Management
-Ensure the security incident management process are executed properly by regional Infra leads by tracking the resolution process and making sure the known issues are addressed according to risk management methodology
-Manage the monthly operational meetings between SOC team and Santen, improve the overall process and ensure the KPIs are achieved

■Vulnerability Management
-Implement and improve the Global Vulnerability Management Program focused on reducing the risk presented by vulnerabilities in Santen environment by continuously performing three core steps; Discovery, Reporting and Remediation
-Guide the technical teams (Global Infra, Regional Infra and Application teams, critical third parties) to make sure vulnerabilities are mitigated on a timely manner
-Manage the global vulnerability scan and penetration test exercises

■Threat Intelligence
-Determine the need for covering the risks on company’s threat landscape and continuously search for the most strategic product & services to deliver the needed capabilities
-Keep track of changes in Santen’s business, threat landscape, product innovations and rebalance accordingly
-Build close partnerships and implement efficient internal processes with business and technical teams to detect and mitigate threats before they can be exploited

■休日：完全週休二日制, 土, 日, 祝日, 年末年始

<QUALIFICATIONS>
■Education
-Bachelor's degree in Business, Computer Sciences, Engineering, or related field
-Relevant Cyber security certifications (CISSP, CISM, CISA, CEH, Registered Information Security Specialist, etc.)

■Experience
-Minimum of 7 years experiences in Information Systems, including minimum of 4 years experiences in the fields of Information Security, Cybersecurity, Risk Management, Business Continuity Management
-Experience with program implementations such as ISO, NIST CSF, COBIT and other related compliance frameworks
-Experience in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies
-Successful experiences of project management
International experience of working with teams spread across different countries and global stakeholders
-Excellent track records of delivering results

■Functional Competencies
-Expert understanding of cybersecurity concepts, principles and practices
-Expert knowledge of current and emerging cybersecurity risks, and innovative risk management methods and solutions
-Expert knowledge of business continuity and disaster recovery frameworks
-Knowledge of security best practices in public cloud environments
-Knowledge with SASE, CASB, SWG, ZTNA technologies is an asset
-A strong understanding of the business impact of security tools, technologies and policies
-Practical project management skills applied to information systems and services
-Documentation and presentation skills that are convincing for management
-Fully comfortable working in English, both written and spoken

Santen Leadership Competencies
■Generic style
-Independent & autonomous, while still a strong teammate
-Strong sense of integrity
-Enthusiastic and self-starting
-Achieving Valuable Business Results

■Stays focus on business value
-Sets clear, challenging goals, then measures the result
-Deals with performance issues of the projects/implementations in a timely manner
-Look for new solutions, new technologies, using innovative approach

■Thinking and Decision Making
-Takes a systematic and methodical approach to work
-Strong analytical, research, and problem-solving skills with a keen attention to detail
-Makes most effective questions before problems resolution plans are made
-Makes clear and timely decisions, forward-thinking

■Influencing
-Good interpersonal and communication skills in order to share knowledge with a variety of levels, and to communicate effectively with business and technical functions
-Uses a mixture of data, logical arguments and organizational knowledge to achieve the desired results
-Ability to prioritize incoming escalations and requests appropriately using clear communications.

■職種未経験者：不可