Senior Analyst - Compliance Program Manager

Japan | Full-Time | Manager | Product / Project

About Netskope

  • Today, there's more data and users outside the enterprise than inside, causing the network perimeter as we know it to dissolve. We realized a new perimeter was needed, one that is built in the cloud and follows and protects data wherever it goes, so we started Netskope to redefine Cloud, Network and Data Security.

Job Responsibilities

  • Prepare and lead Netskope to obtain and maintain Information system Security Management and Assessment Program (ISMAP) government certification/registration for the Japanese Market, including maintaining ongoing compliance for the InfoSec Registered Assessors Program (IRAP) for the Japan Market.
  • Coordinate and support the audit of the Netskope cloud platform with relation to the above certifications, leading evidence gathering and validation, and meeting with both internal and external stakeholders as needed.
  • Analyze evidence collected and determine whether evidence meets program requirements.
  • Educate internal stakeholders on program control requirements, translating control requirements into business requirements.
  • Perform the role as the primary in-country contact and liaison with Japan Independent Administrative Agency Information-technology Promotion Agency (IPA) on all matters related to the ISMAP registration and ongoing compliance
  • Build and maintain healthy business relationships with external auditors and have the conviction to respectfully challenge control interpretations and be able to speak confidently to compensating controls, where warranted.
  • Assemble, submit, and maintain program packages, including the application (Declaration Document), control responses, audit attestation and report
  • Where required, properly scope and select compliance program control objectives to align with the functionality of the Netskope platform and features provided as a part of the compliance program packages.
  • Develop and maintain all program Control Mappings, reviewing control description and related policy documents and identifying and remediating any gaps between control description and program control criteria.
  • Ensure Netskope Policies and Procedures and ISO 27001 Information Security Management System (ISMS) Manual align with program criteria requirements including but not limited to ISMS Plan, Policies, and Procedures.
  • Work closely with internal stakeholder and control owner teams (Engineering, Support, HR, etc.) to ensure all the Security and Compliance controls are operating effectively to sufficiently address the underlying risk of the security and compliance requirements of the framework.
  • Proactively maintain awareness of emerging regional trends and changes to Industry Standards and benchmarks in the APAC region.
  • Assist in recommending alternative approaches for risk mitigation
  • Develop and maintain mandatory documentation (i.e., ISMAP and IRAP program packages and supporting documents) in support of audits and customer compliance needs
  • Manage and complete customer risk assessments including audits and evidence collection from relevant stakeholders
  • Monitor control effectiveness and escalate where issues are identified
  • Contribute to and co-manage KPI programs, including monitoring and metrics
  • Ensure program audit findings and improvement areas are managed, tracked and remediated in a timely manner and communicate risk to Netskope management.
  • Collaborate with Internal Audit and other assessors on technical audits
  • General knowledge of cyber security and cloud technologies to secure an organization.
  • General knowledge of risk management and how to use risk management in a security program.

Qualifications

  • A minimum of five (5) years’ experience in Information Security and/or Technology, related cybersecurity regulatory compliance experience
  • College Degree or equivalent in experience.
  • Prefer candidates with technical and IT security certifications, such as CISSP, CISM, CISA or equivalent.
  • Knowledge of compliance frameworks such as ISMAP, IRAP, SOC 2, ISO 27001, NIST, PCI, etc.
  • Language Proficiency: Fluent in reading and writing Japanese and English.
  • Knowledge of common IT systems (Operating Systems, network devices, applications), Core IT processes/services such as SDLC, Identity and Access Management, Vulnerability Management, Backup and DR processes will be useful
  • Experience with AWS, Azure & GCP environments is a plus.
  • Good interpersonal, verbal and written communication skills. It is important that the candidate is a team player and possesses strong organizational and planning skills.
  • Ability to connect and communicate with both business and IT technical staff including IT and Business management.

Required Skills & Experience

  • Highly analytical with the ability to present analysis.
  • Excellent written and verbal communication.
  • Experience in performing risk assessments, describing compensating controls and prioritizing control implementation based on risk.
  • Experience in maintaining metrics and measures.
  • Experience in supporting customer audits
  • General understanding of cloud technologies
  • General understanding of meeting multiple federal and industry compliance frameworks such as PBMM, CSA STAR, HIPAA, PCI-DSS, etc.

Preferred Skills

  • Knowledge and experience in managing GRC tools.
  • Experience with vulnerability management tools and vulnerability risk analysis
  • Ability to be an active member of a team
  • Ability to communicate effectively (written and verbal)
  • Self-motivated to work on tasks independently within the team
  • Ability to educate other members of the team on existing processes and technologies
  • Self starter and quick learner
  • Netskope is committed to implementing equal employment opportunities for all employees and applicants for employment. Netskope does not discriminate in employment opportunities or practices based on religion, race, color, sex, marital or veteran status, age, national origin, ancestry, physical or mental disability, medical condition, sexual orientation, gender identity/expression, genetic information, pregnancy (including childbirth, lactation and related medical conditions), or any other characteristic protected by the laws or regulations of any jurisdiction in which we operate.
  • Netskope respects your privacy and is committed to protecting the personal information you share with us. Please refer to Netskope's Privacy Policy for more details.
  • The application window for this position is expected to close within 50 days. You may apply by filling out the below information, or visiting our Netskope Careers site.

Job Summary

Company: Netskope
Location: Japan
Type: Full-Time
Level: Manager
Domain: Product / Project