Genesys empowers organizations of all sizes to improve loyalty and business outcomes by creating the best experiences for their customers and employees. Through Genesys Cloud, the AI-powered Experience Orchestration platform, organizations can accelerate growth by delivering empathetic, personalized experiences at scale to drive customer loyalty, workforce engagement, efficiency and operational improvements.
We employ more than 6,000 people across the globe who embrace empathy and cultivate collaboration to succeed. And, while we offer great benefits and perks like larger tech companies, our employees have the independence to make a larger impact on the company and take ownership of their work. Join the team and create the future of customer experience together.
職務内容
ポジションについて
このポジションは非常にダイナミックで成長の著しい環境であり、俊敏性と柔軟性が求められます。成功する候補者は、進化し続けるコンプライアンス要件の評価、ギャップアセスメントの実施、コンプライアンス関連のガバナンス文書(ポリシー、標準など)の作成、そしてサードパーティ監査をエンドツーエンドでリードする豊富な経験が必要です。
また、GRC(ガバナンス・リスク・コンプライアンス)アナリストのチームを指導し、リスク管理およびリスク対応手法に精通し、同様の高速環境での業務経験が求められます。
クラウドSaaS技術環境(AWSが望ましい)への理解が求められ、最先端の技術と制御が、コンプライアンス基準要件にどのように適合・緩和・補償するかを判断する能力が必要です。グローバルな組織または監査プログラムマネージャーとして監査プログラムを管理した経験が望ましいです。開発者、DevOps、リーダー層に対し、技術要件を適用可能な言語に変換し、地理的に分散したクロスファンクショナルチームと密接に連携します。
主な職務内容・活動
新規および進化する認証プログラム、規制要件、技術について、ビジネスへの積極的な評価と助言
技術的統制、情報セキュリティポリシーと手順の包括的評価(ギャップ分析、推奨事項、優先度付けを含む)
実行状況、主要成果、リスクの管理層への報告
セキュリティ制御システムの評価および監査
プロセス/制御オーナーに対する統制文書(ポリシー、手順など)の作成および維持支援
開発・運用チームへの適切なセキュリティ制御に関する専門的助言
統制の不備の特定、改善策の推奨とその実施推進
現行プロセスのギャップや矛盾の特定と解決策の提案
サードパーティコンプライアンス監査の主導・プログラム管理
複数の部門・専門分野との効果的な連携による複雑な課題の合意形成
情報セキュリティおよびプライバシーに関するポリシー、基準、ガイドラインの維持・更新
インフラ/アーキテクトチームとの連携によるプロジェクトおよび変更提案のリスク評価
コンプライアンスプログラムの継続的改善と効率化に向けたビジネス部門との連携構築
応募資格(必須)
GRCまたはセキュリティ関連領域における6年以上の実務経験(監査/コンサルティング経験含む)
グローバルなセキュリティ認証(ISMAP、ISO 27001/17/18、PCI、SOC 1/2等)における監査経験
コンプライアンスフレームワーク(NIST 800-53など)の詳細な理解
日本語能力および日本の規制機関(IPAなど)との実務経験
英語でのコミュニケーション能力(読み書き・会話)
セキュリティ概念の理解と実践経験
SaaSを含むクラウド環境での制御実装経験
GRCツールの使用経験
最新のサイバーセキュリティ動向の知識
複数の複雑なGRCプロジェクトの同時管理経験
チームマネジメント経験とポジティブなチーム文化の醸成能力
自律的に業務遂行可能で積極的な姿勢
変化の激しい環境での業務遂行能力
プロジェクトマネジメント経験/監査プログラム管理能力
論理的思考と細部への注意力を兼ね備えた問題解決能力
Big-4コンサル経験または同様のクラウド企業での実務経験があれば尚可
望ましい認定資格
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Job Description
This is a very dynamic high growth environment and requires being agile and flexible. Successful candidates for this role must be highly experienced in evaluating, ever evolving compliance requirements and conducting gap assessments, documenting compliance related governance documents (policies, standards etc.) and leading the third-party compliance audits end to end.You will be mentoring a team of GRC analysts and also will be well versed with risk management and risk treatment methodologies working in a similar fast-paced organization.
You are expected to have an understanding on Cloud SaaS technical environment (preferably AWS) and determine how our leading-edge technologies and controls provide satisfaction, compensation, or mitigation to the compliance standard requirements. Candidates is expected have skill set in managing audit programs in a global organization or audit program manager role. This will also involve translating the compliance requirements into language Developers, DevOps, and Leadership can apply to our environments and working closely with cross functional teams spread across multiple geographies.
Major Responsibilities/Activities
- Proactively evaluate and advise the business on new and evolving certification programs, regulatory requirements, and technologies.
- Lead comprehensive assessments of technical controls, information security policies and procedures against applicable regulations and compliance requirements. Assessments include GAP analysis, recommendations and prioritize enhancements to the security and privacy infrastructure to remove or mitigate risk.
- Effectively communicate execution status, key accomplishments, and risks that impact Genesys Cloud’s ability to achieve or maintain compliance accreditations or certifications to management.
- Evaluate and audit security control systems to address requirements.
- Advise process/control owners with the preparation and on-going maintenance of controls and control documentation (e.g., policies, procedures etc.).
- Provide expert guidance to Development & Operations on the appropriate selection, design, implementation, and configuration of security controls.
- Identify control deficiencies and make appropriate recommendations and drive remediation of control deficiencies.
- Proactively identify gaps or conflicts in existing processes and work to develop solutions with cross functional teams.
- Lead and program manage Third- party compliance audits.
- Collaborating effectively across multiple organizations with diverse personalities and expertise to drive to agreement on complex issues.
- Revise and maintain a library of information security and privacy policies, standards and guidelines covering all areas within the environment.
- Engage with Infrastructure and/or Architect Teams to assess the security risk of proposed projects and system/application modifications.
- Build strong cross-functional relationships with business partners to facilitate the development of strong compliance programs that support continuous improvement and operational efficiency.
Minimum Requirements
- 6+ years of related Governance Risk and compliance and/or security experience/ auditing / consulting field in above domains.
- Working knowledge and prior experience in audit execution of a global security certification specifically ISMAP and other certification frameworks such as ISO 27001/17/18, PCI, SOC 1 / 2 and other international certification standards and frameworks.
- Detailed working knowledge of compliance frameworks (NIST 800-53 etc.).
- Japanese language proficiency and experience working with regulatory agencies in Japan (IPA – Information Technology Promotion Agency)
- Working with Global teams' ability to communicate in English (written and verbal); ability to communicate effectively across all levels of the organization.
- Good understanding of security concepts and practical usage.
- Knowledge of, or experience working with, Cloud technologies/environments, including evaluating and implementing controls on Software as a Service (SaaS), is a plus.
- Working knowledge of GRC tools and technologies.
- An up-to-date functioning understanding of current Cyber Security trends.
- Experience managing multiple complex GRC projects simultaneously and good project management skills.
- Prior experience working as a people manager. Ability to organize teams, define tasks to align with team and organizational goals, building accountability and a positive team culture with direct reports.
- Proactive achiever and ability to operate autonomously with minimal guidance.
- Comfortable working in a fast-paced, dynamic environment incorporating constant change as we grow.
- Project Management experience/ Audit program Management skills
- Analytical problem solver with strong organizational skills and eye for detail.
- Prior Big-4 consulting experience or prior professional experience in similar cloud-based organizations is a plus.
Desirable certifications
- One or more Information Security Certifications: CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control)l, ISO 27K Lead Auditor/ Implementor or other security certification/accreditation.
#LI-GR1
#LI-Remote
If a Genesys employee referred you, please use the link they sent you to apply.
About Genesys:
Genesys empowers more than 8,000 organizations in over 100 countries to improve loyalty and business outcomes by creating the best experiences for their customers and employees. Through Genesys Cloud, the AI-powered Experience Orchestration platform, Genesys delivers the future of CX to organizations of all sizes so they can provide empathetic, personalized experience at scale. As the trusted platform that is born in the cloud, Genesys Cloud helps organizations accelerate growth by enabling them to differentiate with the right customer experience at the right time, while driving stronger workforce engagement, efficiency and operational improvements. Visit www.genesys.com.
Reasonable Accommodations:
If you require a reasonable accommodation to complete any part of the application process or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you or someone you know may reach out to HR@genesys.com. You can expect a response from someone within 24-48 hours. To ensure we set you up with the best reasonable accommodation, please provide them the following information: first and last name, country of residence, the job ID(s) or (titles) of the positions you would like to apply, and the specific reasonable accommodation(s) or modification(s) you are requesting.
This email is designed to assist job seekers who seek reasonable accommodation for the application process. Messages sent for non-accommodation-related issues, such as following up on an application or submitting a resume, may not receive a response.
Genesys is an equal opportunity employer committed to fairness in the workplace. We evaluate qualified applicants without regard to race, color, age, religion, sex, sexual orientation, gender identity or expression, marital status, domestic partner status, national origin, genetics, disability, military and veteran status, and other protected characteristics.
Please note that recruiters will never ask for sensitive personal or financial information during the application phase.
