Cybersecurity Architecture Owner

HOYA Group: Founded in 1941 in Tokyo, Japan, HOYA Corporation is a global technology and med-tech company and a leading supplier of innovative high-tech and medical products. HOYA’s divisions and business units research and develop products utilized in the healthcare and information technology fields. In the healthcare field, we provide medical device products such as eyeglasses, medical endoscopes, contact and intraocular lenses, orthopedic implants, surgical/therapeutic devices and medical device reprocessing and disinfection solutions. In the information technology field, we provide products such as optical lenses, photomasks and blanks used in the manufacturing process for semiconductor and LCD/OLED devices, text-to-speech, human resources and other software solutions and critical components for the mass memory and cloud storage industries. With over 150 offices and subsidiaries worldwide, HOYA currently employs a multinational workforce of 37,000 people.

The Enterprise Cybersecurity Architecture Owner is a senior strategic role responsible for defining and governing the enterprise security blueprint. This role ensures that cybersecurity requirements are embedded consistently across the organization while enabling technology teams to deliver solutions efficiently and safely. The position is based in Singapore and reports to the Group CISO.

This role is not responsible for designing or implementing individual solutions. Instead, it establishes the architectural guardrails within which technology owners and delivery teams operate. The function can be compared to city planning, where zoning laws, building codes, and infrastructure standards are defined centrally, while individual builders design and construct buildings that comply with those rules.

• Define security principles, requirements, standards, and reference architectures guiding technology design across cloud, identity, data, network, platform, and operational technology environments
• Derive architectural artifacts from enterprise security policies, risk appetite, and control objectives
• Create reusable blueprints for consistent application across initiatives
• Maintain approved security patterns and define standard approaches for common architectural scenarios

• Own the enterprise security architecture framework
• Ensure framework alignment with evolving business priorities, risk landscapes, and regulatory expectations
• Articulate security requirements clearly early in the lifecycle of major initiatives

• Lead and govern risk-based security architecture reviews for high-impact or high-risk initiatives
• Conduct advisory reviews focused on ensuring alignment with enterprise guardrails rather than redesigning solutions
• Manage exception and waiver processes for deviations from standards, ensuring decisions are risk-informed, time-bound, and properly documented

• Partner with cyber defense function to ensure detection, response, and resilience requirements are reflected in architecture standards
• Collaborate with risk and policy functions to translate control objectives into practical architectural guidance
• Work with technology and digital teams to ensure guardrails are pragmatic and enable delivery

• Does not act as a solution architect or select/configure tools
• Does not own delivery or operational outcomes
• Technology owners and delivery teams retain accountability for solution design, implementation, and day-to-day operations
• Technology owners own operational risk of systems that conform to the established architectural blueprint

Success in this role will be measured by clearer security expectations, fewer late-stage security issues, faster delivery through reuse of approved patterns, improved alignment between security and technology teams, and a consistent security posture across the enterprise.

• Bachelor's degree in Cybersecurity, Information Technology, or a related field.
• Certifications such as CISSP, CISM, SABSA, or TOGAF (with security focus) are highly desirable.

• Successful candidates will bring deep experience in cybersecurity architecture at an enterprise or group level, with a strong ability to operate across strategy, risk, and technology domains.
• Strong influencing skills to senior stakeholders, balancing risk and delivery tradeoffs, and enabling large organizations to scale security through clarity and consistency rather than control by exception.