Manager, Information Security Risk Management

Tokyo, Japan

Job description

Woven by Toyota is the mobility technology subsidiary of Toyota Motor Corporation. Our mission is to deliver safe, intelligent, human-centered mobility for all. Through our Arene mobility software platform, safety-first automated driving technology and Toyota Woven City — our test course for advanced mobility — we’re bringing greater freedom, safety and happiness to people and society. 

Our unique global culture weaves modern Silicon Valley innovation and time-tested Japanese quality craftsmanship. We leverage these complementary strengths to amplify the capabilities of drivers, foster happiness, and elevate well-being.

TEAM

The security team at Woven by Toyota is on the cutting edge of many challenging security problems. We identify emerging security threats in autonomous vehicles and help design more secure systems. We work closely with internal platform teams to provide a secure development environment through tooling and automation, allowing developers to innovate quickly without compromising security.

WHO ARE WE LOOKING FOR

We are looking for a manager to lead the information security risk management function who will help us plan and perform compliance and risk assessment activities pertaining to Woven by Toyota's businesses and engineering work.

You will identify risks and vulnerabilities by working with stakeholders of diverse backgrounds. You will work on assessing any security risks pertaining to external vendors and partners and manage those risks through their lifecycle. You will be expected to work with both technical teams and senior management.

Woven by Toyota Security demands high standards, so passion and discipline around security and delivery are critical. A high level of ownership and accountability is a must. In this role you will report to an engineering manager, in a hybrid capacity requiring your presence onsite three days per week.

RESPONSIBILITIES:

  • Plan/perform compliance and risk assessment activities for information systems and related processes.
  • Ensure compliance with information security policies and regulatory requirements by conducting procedural and operational reviews of business processes and system controls.
  • Communicate and escalate compliance and risk issues to the appropriate department and/or level of management.
  • Evaluate technology and business-related controls for integrating business and information system security and risk mitigation efforts. Coordinate and validate business risk justification documents for government programs.
  • Coordinate third-party or vendor security risk assessments.

MINIMUM QUALIFICATIONS:

  • 6+ years of experience in Information Security
  • 3+ years of experience within Information Risk Management, IT audit or Security Governance function
  • 3+ years of experience with regulatory compliance and information security management frameworks (e.g., ISO27001/ISO27002, NIST CSF, CMMC)
  • 3+ years of management experience
  • Experience with multiple risk assessment methods, including threat modeling, not only compliance adherence assessments
  • Excellent written and verbal communication skills
  • Experience in IT auditing and technical assessments of networks, operating systems, cloud environments
  • Hands-on experience configuring and working with GRC tools
  • Technical expertise in the security field
  • Japanese language proficiency

NICE TO HAVES:

  • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and/or Certified Information Systems Auditor (CISA)
  • 5+ years of management experience
  • Experience with privacy regulations
  • Experience building enterprise governance, risk, and compliance programs
  • Experience with security architecture