Chief Information Security Officer
The Okinawa Institute of Science and Technology Graduate University (OIST) will become a model for change in education and research with the best international graduate students, working side by side with world-class faculty in modern well-equipped laboratories. Beautifully situated on the island of Okinawa, OIST relies on a cross-disciplinary approach, with an emphasis on creativity and exchange, to offer unique, individualized graduate training. OIST is a university with no departments, eliminating artificial barriers between people working in different fields, but many nationalities, with students and faculty being attracted from all over the world. Concentrating initially on Neuroscience, Molecular Sciences, Mathematical Sciences, Environmental and Ecological Sciences and Physical Sciences, OIST is bringing some of the best brains in the world to Okinawa to transform the way science and education are done in the global academic world.
The CISO serves a key role in university leadership, working closely with senior administration, research executives, and the OIST community. The CISO is an advocate for the university's overall information security needs and is responsible for the development and delivery of a comprehensive information security strategy to optimize the security posture of the university.
The CISO leads the development and implementation of a security program that leverages collaborations and OIST-wide resources, facilitates information security governance, advises executives on security direction and resource investments, and designs appropriate policies to manage information security risk.
The complexity of this position requires a leadership approach that is engaging, imaginative, and collaborative, with a sophisticated ability to work with other stakeholders to set the best balance between security strategies and other priorities at OIST.
The primary responsibilities of this role are:
- Accountable for the strategic leadership of the University's information security program.
- Work with executives and stakeholders to oversee the formation and operations of a university-wide information security organization that is organized toward a common goal in information security.
- Lead information security planning processes to establish an inclusive and comprehensive information security program for all OIST information assets, including personal information and all other critical OIST information assets.
- Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
- Lead risk assessment efforts and make recommendations to stakeholders regarding the adequacy of the security controls for the University's information assets and privacy protection.
- Make recommendations on and audit business continuity planning related to information technology and security.
- Develop education and awareness programs and advise administrative divisions and research units at all levels on security issues, best practices, and vulnerabilities as necessary.
- Keep abreast of security incidents and act as primary control point during significant information security incidents and report to the President as appropriate. Convene a Security Incident Response Taskforce as needed, or requested, in addressing and investigating security incidents that arise.
- Coordinate and track all information technology and security related audits including scope of audits, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain appropriate relationships with audit entities and provide a consistent perspective.
- Examine impacts of new technologies on the university's overall information security. Establish processes to review implementation of new technologies to ensure security compliance.
- Ensure information, application and service security by developing, testing, communicating and maintaining security services, including:
  - penetration testing
  - vulnerability scanning and mitigation
  - event and incident response plans
  - related security services
- Function as an internal consulting resource regarding information security, working across the university at all levels and with vendors to build trust and ensure that systems and services developed or upgraded conform to security requirements.
- Manage the Information Security Section to ensure that OIST information security is fostered and monitored and that issues are addressed in day-to-day operations.
- Mentor the Information Security Section members and implement professional development plans for all members of the section.
- Bachelor’s Degree in computer science or equivalent experience
- CISSP, CISM or equivalent certification
- At least 7 years of management or team leadership experience
- At least 10 years of experience in information security management for your own organization
- Knowledge of common information security management frameworks, such as ISO/IEC 27001 and NIST
- Knowledge of personal information regulations, such as the Japanese Personal Information Protection Law and GDPR
- Hands-on technical experience with a SIEM or log management system
- Hands-on experience with security incidents and data forensics
- Excellent written and verbal communication skills
- Knowledge and experience in maintaining operational computer and network security, firewall administration, virus protection, intrusion detection and prevention, identity and access management, application security, automated security patching, and vulnerability scanning systems
- Ability to work cooperatively and effectively with stakeholders from all organizational levels and build consensus through negotiation and discussion
- Proven project management skills
- Experience administering information security programs including risk assessments and forensic research, designing security architectures, developing policies, gathering metrics, and reporting status, as well as knowledge of information systems technology, products, and services
- At least business level Japanese (JLPT N2 or above)
- At least business level English (TOEIC 750 or above)
- Professional experience with information security in education environments preferred
Term & Working Hours
Term: Full-time, fixed term appointment for 2 years. Contract initially with 3-month probationary period (inclusive). This contract may be renewed.
Working hours: 9:00-17:30 (Discretionary)
Compensation & Benefits
In accordance with the OIST Employee Compensation Regulations
Relocation, housing and commuting allowances
Annual paid leave and summer holidays
Health insurance (Private School Mutual Aid http://www.shigakukyosai.jp/ )
Welfare pension insurance (kousei-nenkin)
Worker's accident compensation insurance (roudousha-saigai-hoshou-hoken)
How To Apply
Apply by uploading your submission documents HERE*.
*This is a secure file uploading system for handling confidential materials.
or apply by emailing your Submission Documents to:
(Please replace [at] with @ before using this email address)
or send by post to the following address:
HR Recruiting Section
Okinawa Institute of Science and Technology Graduate University
1919-1, Onna, Onna-son, Okinawa 904-0495, Japan
1) Curriculum vitae in English, including response to requirements for Responsibilities and Qualifications.
2) Cover letter in English.
* Please be sure to indicate where you first saw the job advertisement.
* Up to 3 references may be requested during the final interview stage.
* Prior to the start of employment all new hires are required to successfully complete a background check. Personal information including employment history and academic background should be submitted to third-party administrators after a conditional offer of employment.
Application Due Date
- OIST Graduate University is an equal opportunity, affirmative action educator and employer and is committed to increasing the diversity of its faculty, students and staff. The University strongly encourages applications from underrepresented groups.
- Information provided by applicants or references will be kept confidential; documents will not be returned. All applicants will be notified regarding the status of their applications.
- Please view OIST policy for rules on external professional activities
- Further details about the University can be viewed on the OIST website www.oist.jp.