Cybersecurity Risk Manager
The Cybersecurity Risk Manager reports to the Business Information Security Officer (BISO) and collaborates with business and IT colleagues to deliver critical capabilities in support of strategic information security goals. This includes operational management of third-party and IT system cybersecurity assurance processes that assess against company standard information security controls. This role will also coordinate the execution of periodic penetration tests and other required cybersecurity assessments, including the end-to-end management of identified issues. The role will interface with stakeholders in privacy, legal, quality, and other compliance functions and requires excellent communication skills and the ability to support multiple efforts across information security disciplines.
As a member of the Information Security team and under the supervision of the BISO, the Cybersecurity Risk Manager is responsible for cybersecurity assessment processes in alignment with the IS strategy and roadmap. Responsibilities include working with the business and IT to ensure that they assess third parties and IT systems against information security controls. The Cybersecurity Risk Manager also leads the coordination and execution of penetration tests and other cybersecurity assessments, ensuring the assignment of identified issues to owners and tracking through completion. In addition, this role supports the BISO in the management of a cybersecurity risk management platform. The expectation is that the individual successfully coordinates multiple tasks and priorities continuously with limited supervision.
Supply Chain Cybersecurity Assurance
Support the business and IT on the initial assessment of third parties against industry-standard information security controls using the company standard third-party risk management solution.
Manage identified issues through cybersecurity risk management processes, including risk analysis and recommendations for remediation or mitigation, in partnership with colleagues from privacy, legal, quality, and other compliance functions as required.
Establish and manage a complete inventory of business and IT applications and third parties to ensure a defined level of inherent and residual risk.
Oversee and support the execution of ongoing governance for inherently high-risk third parties, ensuring the periodic evaluation of changes to security posture.
Provide periodic status reporting to the BISO and CISO.
System Cybersecurity Assurance
Support the business and IT on the execution of information security assessments against industry-standard information security controls as part of the systems development life cycle.
Manage identified issues through cybersecurity risk management processes, including risk analysis and recommendations for remediation or mitigation, in partnership with privacy, legal, quality and compliance colleagues as required.
Manage the process to ensure that the inherent and residual risk levels for business and IT applications are documented, with a focus on those that collect, process or store vital information ("crown jewels") in coordination with information security colleagues.
Oversee the execution of ongoing assessments for inherently high-risk IT systems, including a periodic evaluation of changes to the security posture.
Provide periodic status reporting to the BISO and CISO, including the identification of systemic risk issues.
Penetration Testing and Cybersecurity Assessments
Support the planning, scoping and coordination of annual independent penetration tests conducted by external partners.
Analyze findings from the penetration tests and ensure the assignment of appropriate remediation or mitigation actions in collaboration with IT and information security colleagues.
Track all issues to completion through the cybersecurity risk management process.
Provide periodic status reporting to key stakeholders.
To be successful in this Cybersecurity Risk Manager role, you must have and maintain knowledge of the information and cybersecurity frameworks and best practices, exhibit strong analytical skills and good judgement, and demonstrate excellent communication in collaboration with stakeholders. You must also stay up to date with industry advancements and continuously improve security protocols to protect the organization's data from threats.
Qualifications / Required Knowledge / Experience and Skills:
5+ years of experience in information security, including roles in information security assurance or assessment processes.
Strong understanding of cybersecurity frameworks and best practices.
Excellent communication and people skills, with the ability to explain complex technical concepts to non-technical stakeholders, both verbally and in writing.
Experience with cloud security (e.g., AWS, Azure, Google Cloud).
Convey a can-do approach, even in the face of obstacles and constraints, by assessing what is in front of you and effectively and efficiently optimizing what you have, whether it is working on something new or thinking about how to do something better.
Demonstrate teamwork and communication skills through knowledge sharing, collaboration, and relationship-building.
Exhibit the capacity to actively learn and apply specific domain knowledge and best practices to continually enhance and improve.
Educational Qualifications:
Bachelor's degree in Computer Science, Information Security, or a related field.
Certifications such as CISSP, CISM, CISA, or similar are highly desirable.
Competencies:
Accountability for Results - Stay focused on key strategic objectives, be accountable for high standards of performance, and take an active role in leading change.
Strategic Thinking & Problem Solving - Make decisions considering the long-term impact to customers, employees, and the business.
Patient & Customer Centricity - Maintain an ongoing focus on the needs of our customers and/or key stakeholders.
Impactful Communication - Communicate with logic, clarity, and respect. Influence at all levels to achieve the best results for Otsuka.
Respectful Collaboration - Seek and value others' perspectives and strive for diverse partnerships to enhance work toward common goals.
Empowered Development - Play an active role in professional development as a business imperative.
Salary Range: Minimum $117,027.00 - Maximum $175,030.00, plus incentive opportunity. The range shown represents a typical pay range or starting pay for individuals who are hired in the role to perform in the United States. Other elements may be used to determine actual pay such as the candidate's job experience, specific skills, and comparison to internal incumbents currently in role. Typically, actual pay will be positioned within the established range, rather than at its minimum or maximum. This information is provided to applicants in accordance with state and local laws.
Application Deadline: This will be posted for a minimum of 5 business days.
Cybersecurity Manager • Springfield, IL, United States