Cybersecurity Risk Advisor Consultant

extra holidays - fully flexible
Work set-up: 
Full Remote
Contract: 
Full time
Experience: 
Senior (5-10 years)
Work from: 
Japan

Offer summary

Qualifications:

Minimum 5 years of experience in information security, cybersecurity, or consulting., Strong understanding of security frameworks like ISO/IEC 27001/27002, NIST CSF, and CIS Controls., Fluent in Japanese, with desirable fluency in English., Degree in Computer Science or Information Systems and security certifications such as CISSP, CISA, or CISM are a plus..

Key responsibilities:

  • Lead cybersecurity risk management projects and provide security consulting.
  • Support the development of CSIRT, incident management, and security governance.
  • Assist in security assessments, policy formulation, and creating security roadmaps.
  • Provide technical guidance and recommendations on security issues to clients.

Sophos logo
Sophos Large https://www.sophos.com/
1001 - 5000 Employees
See all jobs

Job description

About Us
Sophos is a global leader and innovator of advanced security solutions for defeating cyberattacks. The company acquired Secureworks in February 2025, bringing together two pioneers that have redefined the cybersecurity industry with their innovative, native AIoptimized services, technologies and products. Sophos is now the largest pureplay Managed Detection and Response (MDR) provider, supporting more than 28,000 organizations. In addition to MDR and other services, Sophos’ complete portfolio includes industryleading endpoint, network, email, and cloud security that interoperate and adapt to defend through the Sophos Central platform. Secureworks provides the innovative, marketleading Taegis XDRMDR, identity threat detection and response (ITDR), nextgen SIEM capabilities, managed risk, and a comprehensive set of advisory services. Sophos sells all these solutions through reseller partners, Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) worldwide, defending more than 600,000 organizations worldwide from phishing, ransomware, data theft, other every day and statesponsored cybercrimes. The solutions are powered by historical and realtime threat intelligence from Sophos XOps and the newly added Counter Threat Unit (CTU). Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.

Role Summary
Cybersecurity risk advisor consultants not only identify cybersecurity risks and propose solutions but also lead projects for clients facing increasingly sophisticated security threats. We provide comprehensive support through strengthening our preparedness for incident response, such as supporting the formulation of policies, conducting various training and advisories, creating procedures for strengthening the incident response system, and conducting desk exercises. In addition to experience in managing and operating systems, candidates should have a solid understanding of cybersecurity principles, recognize the importance of protecting the organizations infrastructure and information, be interested in designing training and workshops and facilitating risk assessments, CSIRT construction, etc., and be aware of the practical limitations of implementation. Even those with no consulting experience but a strong interest in cybersecurity will find valuable experience as a consultant here.

サイバーセキュリティリスクアドバイザーコンサルタントは、サイバーセキュリティリスクを特定して解決策を提案するだけでなく、ますます高度化するセキュリティ脅威に直面するクライアントのプロジェクトを主導します。ポリシーの策定支援、各種研修やアドバイザリーの実施、インシデント対応体制の強化手順の作成、机上演習の実施など、インシデント対応への備え強化などを通じて総合的な支援を行っています。システムの管理と運用の経験に加えて、候補者は、サイバーセキュリティの原則をしっかりと理解し、組織のインフラストラクチャと情報を保護することの重要性を認識し、トレーニングとワークショップを設計およびリスクアセスメントやCSIRT構築等を促進する業務に興味を持ち、実装の実際的な限界を認識している必要があります。コンサルティングの経験はないが、サイバーセキュリティに強い関心を持っている人でも、コンサルタントとして貴重な経験を積む機会がここで見つかります。

What You Will Do
  • Security consulting related to cybersecurity risk management
  • Support for CSIRT development, including incident management, security governance, strategic advisory, and other professional services with Team members
  • Assistance with security assessments and roadmap development, as well as the formulation of security policieswith Team members
  • Technical security management, including providing guidance and recommendations on businessrelated security issues with Team members
  • サイバーセキュリティリスク管理に関連するセキュリティコンサルティング
  • インシデント管理を伴うCSIRT構築支援,セキュリティガバナンス,戦略的アドバイザリー,他プロフェッショナルサービスをチームメンバーとともに提供
  • セキュリティアセスメントおよびロードマップ策定支援,セキュリティポリシー策定支援などをチームメンバーとともに提供
  • 技術的なセキュリティ管理,およびビジネス上の問題に関するガイダンスや推奨事項の提供をチームメンバーとともに提供


  • What You Will Bring
  • At least 5 years of experience in information security, cybersecurity, or consulting (e.g., security assessments, security governance, CSIRT development, incident response, vulnerability management, conducting tabletop exercisesinformation security training, system operations and maintenance, etc.)
  • Experience with and understanding of the following security frameworks: ISOIEC 2700127002, NIST Cybersecurity Framework (CSF), NIST SP 800 series, CIS Critical Security Controls
  • Fluent in Japanese

  • 情報セキュリティ、サイバーセキュリティ領域での業務もしくはコンサルティング経験5年以上例)セキュリティアセスメント、セキュリティガバナンスマネジメント、CSIRT構築、インシデント対応、脆弱性管理 ・机上訓練情報セキュリティ教育の実施経験、システム運用保守など
  • 次のセキュリティフレームワークを理解、活用した活動経験 ISO270012、NIST CSF、NIST SP800シリーズ CISクリティカルセキュリティ
  • Desirable
  • Degree in Computer Science or Information Systems
  • Security certifications (e.g., CISSP, CISA, CISM)
  • Fluent in English
  • Knowledge and experience in key security technologies, processes, and methodologies
  • コンピュータサイエンスまたは情報システム関連の学位
  • セキュリティ関連認定資格:例 CISSP、CISA、CISM等
  • プロジェクトメンバーと連携したプロジェクトリード,お客様との主体的な連携
  • -以下のようなセキュリティテクノロジー、プロセス、および方法論に関する知識と経験
  • ・リスク評価とリスク管理
  • ・インシデント管理とCSIRTの運用
  • (インシデント対応プロセス、一般的なフォレンジックツールなどについての知識)
  • ・監査、ログ記録、および監視の制御
  • ・サプライチェーンマネジメント
  • ・事業継続ディザスタリカバリ
  • ・ネットワークセキュリティ
  • (IPネットワークのアーキテクチャとテクノロジー、プロトコル、ルーティング、IDSIPSツールとアプリケーションに関する知識、ホストネットワークのアクセス制御メカニズムに関する知識)
  • ・システムセキュリティ
  • (システム、ネットワーク及びOSのハードニング技術に関する知識 例:不要なサービスの削除、パスワードポリシー、ネットワークセグメンテーション、ロギングの有効化、最小特権など、脆弱性管理、診断に関する知識)
  • ・工場やプラントなどの制御機器を制御し運用するシステム(=OT(Operational Technology))に関するセキュリティポリシー策定・アセスメント・セキュアな開発支援

  • #LIFC1
    #B1
    #LIRemote

    Ready to Join Us?
    At Sophos, we believe in the power of diverse perspectives to fuel innovation. Research shows that candidates sometimes hesitate to apply if they dont check every box in a job description. We challenge that notion. Your unique experiences and skills might be exactly what we need to enhance our team. Dont let a checklist hold you back – we encourage you to apply.

    Whats Great About Sophos?
    · Sophos operates a remotefirst working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach. Please refer to the location details in our job postings for further information.
    · Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit
    · Employeeled diversity and inclusion networks that build community and provide education and advocacy
    · Annual charity and fundraising initiatives and volunteer days for employees to support local communities
    · Global employee sustainability initiatives to reduce our environmental footprint
    · Global fitness and trivia competitions to keep our bodies and minds sharp
    · Global wellbeing days for employees to relax and recharge
    · Monthly wellbeing webinars and training to support employee health and wellbeing

    Our Commitment To You
    We’re proud of the diverse and inclusive environment we have at Sophos, and we’re committed to ensuring equality of opportunity. We believe that diversity, combined with excellence, builds a better Sophos, so we encourage applicants who can contribute to the diversity of our team. All applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, sex, gender reassignment, marital status, race, religion or belief, color, age, military veteran status, disability, pregnancy, maternity or sexual orientation. We want to give you every opportunity to show us your best self, so if there are any adjustments we could make to the recruitment and selection process to support you, please let us know.

    Data Protection
    If you choose to explore an opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights. For more information on Sophos’ data protection practices, please consult our Privacy Policy Cybersecurity as a Service Delivered | Sophos
    •

    Required profile

    Experience

    Level of experience: Senior (5-10 years)
    Spoken language(s):
    Japanese
    Check out the description to know which languages are mandatory.

    Hard Skills

    Cyber Security ManagementRisk GovernanceIncident ResponseVulnerability ManagementSecurity ControlsInformation Systems SecurityVulnerability AssessmentsISO/IEC 27000 SeriesComputer ScienceSecurity Technology

    Other Skills

    • Teamwork
    • Communication
    • Problem Solving
    Are you interested?

    Cybersecurity Advisor Related jobs

    See more Cybersecurity Advisor jobs