Assistant Manager IT Security & Governance

The IT Security & Governance role is responsible for ensuring the security, integrity, and compliance of IT systems within the organization. This position focuses on data protection, risk management, regulatory compliance, and cybersecurity operations, aligning with industry standards and best practices. This role requires close collaboration with various teams, including AEON Financial Services (AFS) Japan, ACSM IT, AIBM IT, Compliance, Audit, and business users, to implement security policies, mitigate cyber threats, and ensure a robust security posture within the AEON Group Living Zone.

Key Responsibilities:

Develop, review, and enforce IT security policies, data governance frameworks, and compliance measures in collaboration with relevant stakeholders.

Monitor security compliance, review audit logs, and consolidate audit reports to meet risk management and regulatory requirements.

Investigate, analyze, and report on data breach incidents with recommendations for mitigation and prevention.

Review and consolidate all IT related audit reports and queries from internal and external audit, parent company, AFS, and other regulatory bodies.

Manage access control tasks, enforce data privacy and security measures, and ensure appropriate access rights for business users.

Monitor and secure network data, conduct penetration testing, and coordinate with vendors for issue resolution.

Support the preparation and testing of Business Continuity (BCP) and Disaster Recovery Plans (DRP).

Conduct IT security training, awareness programs, and continuous upskilling for users and the security team.

Improvement and update of IT Security skills and knowledge.

Oversee IT Security projects and collaborate with stakeholders, business units, and vendors to identify and evaluate IT security solutions.

Review security requirements, feasibility analyses, and documents during system development and change processes.

Plan and execute long‑term information security strategies and best practices.

Ensure all team members adhere to security policies and procedures, enforcing compliance and monitoring day‑to‑day operations.

Maintain and optimize the company’s security design and posture.

Provide guidance and support for IT security related projects, including planning, design and reviews of POC and project matters.

Analyze security issues, recommend solutions, and make informed decisions to mitigate risks.

Oversee PCI DSS activities, ensuring compliance with objectives.

Manage vendor relationships and ensure fulfillment of maintenance agreements (SLA/NDA).

Oversee audit‑related matters.

Requirements:

Degree in Information Technology, Information Management or related IT fields.

Information Security certifications are preferred.

Minimum 5 years of working experience in IT Security, IT Governance experience or similar role, preferably in the Insurtech, fintech, or e‑commerce industry.

Knowledge of regulatory requirements such as RMiT, CTRAG, and PCI DSS.

Knowledge in data security and risk assessment.

Technical knowledge of security engineering, computer, and network security, authentication, security protocols, and cryptography.

Strong understanding of cybersecurity frameworks.

Experience with security systems like WAF, IPS, DLP, PAM, IAM, SIEM, AV, FIM, APT, and cloud initiatives.

Ability to create/recommend policies and procedures for secure system use.

Experience assessing the effectiveness of implemented security control.

Capability to manage multiple IT security projects simultaneously.

Strong communication skills, both verbal and written, across all organization levels.

Proven ability to work independently, multi‑task and collaboratively with minimal supervision and manage time effectively.

Ability to solve problems in a flexible and analytical manner.

Excellent interpersonal, problem‑solving, and result‑oriented skills.

Availability to provide after‑hours support for urgent incidents.