Mission Statement:

In cybersecurity, we safeguard our business and ensure the delivery of top-tier, secure products and services to our customers. In cybersecurity risks management for suppliers, we collaborate in multi-stakeholder partnerships to protect our supply chain from any organizational risks. Together, we secure our supply chain by assessing, monitoring, and addressing any risks identified within our supply base.

In collaboration with other departments, the job holder will review observations from the cyber risk assessment, offer recommendations to address these findings, and monitor remediation actions with suppliers until they are fully closed.

Your Responsibilities:

• Cyber Risk Strategy: Create and share the remediation plan and corresponding timelines with the relationship manager. Evaluate and confirm the remediation timeline proposed by the supplier. Report and monitor the progress of supplier cyber risk remediation efforts. Implement the supplier exit plan to recover or obtain proof of the destruction of Hitachi Energy data.

• Stakeholder Coordination: Builds relationships with business teams within the organization to support supplier cyber risk management activities from their respective teams.

• Technology and Tools: Record the issue in the risk management platform. Leverage technology and cyber risk management tools to enhance incident response capabilities.

• Living Hitachi Energy’s core values of safety and integrity, which means taking responsibility for your own actions while caring for your colleagues and the business.

Your Background:

• Bachelor’s/ master’s degree in information technology or related field.

• 2-3 years’ experience in information technology.

• Deep understanding of information security and risk frameworks/standards such as ISO27001/2/5, ISO31000, NIST CSF/800-53.

• Certified as an ISO 27001 Lead Implementor/Auditor.

• Knowledge of Service Now and BitSight is preferable.

• Working knowledge of key risk areas such as compliance risk / regulatory risk and one or more of the following domains like Security Governance and Management, Security Policies and Procedure, Application Management Controls, Identity and Access Management Control, Supplier Risk Management, Incident Response, Cyber Resilience, Privacy and Data Protection Cloud Security, Business Continuity and Disaster Recovery

• Excellent stakeholder management along with interpersonal, verbal, written and communication skills.

• Experience with internal controls, risk assessments, business process, and/or internal IT control testing.

• Proficiency in both spoken & written English language is required.