Rakuten | Security Engineer

Security Engineer

Department Overview
The role is situated within the International Standards & Systems Section (ISSS), which falls under the Information Security & Privacy Governance Department at Rakuten Group Headquarters. The primary objective of the ISSS is to implement Governance, Risk, and Compliance (GRC) practices throughout the entirety of Rakuten Group, following globally recognized best practices.

Why We Hire
Ensure the Payment Card Industry Data Security Standard (PCI DSS) compliance for all non-Fintech services within Rakuten Group.

Make valuable contributions to multiple industries such as the PCI Security Standards Council (PCI SSC) and the Japan Card Data Security Committee (JCDSC).

Position Details:
This position entails the auditing and management of Payment Card Industry Data Security Standard (PCI DSS) requirements and controls throughout Rakuten Group. The department is entrusted with the responsibility of ensuring PCI DSS compliance for Rakuten Group companies operating outside the Financial Technology (FinTech) sector. The primary tasks involve evaluating controls and risks within business systems from an information security perspective.

Responsibilities:
Audits / Assessments
・Provide support to businesses during PCI DSS external audits through consultations, addressing inquiries, and participating in feedback sessions.
・Conduct internal PCI DSS audits for small and medium-sized businesses within the organization.
・Perform risk assessments for business and system operations, including design evaluation.

Projects
・Actively participate in projects aimed at enhancing PCI DSS standards and contribute to their improvement.

- Bachelor’s degree in an IT-related major.
- 4+ years working experience.
- Basic skills and knowledge on IT infrastructure.
(TCP/IP, network, Linux/Windows OS, authentication, directory service).
- 2 years’ experience in development, or
-2 years’ operation on information systems (applications or infrastructures) OR 2 years’ experience in information security or relevant areas.
- English level: TOEIC 800 or above

- Qualification: QSA, ISA, PCIP, ISO27001 Internal Auditor or CISA
- Work Experience
- PCI DSS Assessments
- Risk Management
- Internal Audit
- System Development/Operation

The PCI DSS team comprises four members with diverse backgrounds, led by a senior manager. Each member primarily functions as a PCI DSS auditor. Additionally, two team members have dual responsibilities, as they are also responsible for the operation and development of the Governance, Risk, and Compliance (GRC) tool, specifically RSA Archer.

Presently, the team is comprised of three mid-career professionals, along with a new graduate of 2022. The team leader is the first and the only Board of Advisors of PCI SSC(the international organization for payment security standards) from Japan, with one staff as his backup. Moreover, a senior specialist within the team serves as a Technology Advisory Board member for the PCI SSC, contributing their expertise to the development and advancement of payment security standards.

Furthermore, two team members actively participate as members of the administrative office of the Japan Card Data Security Committee (JCDSC), a local community focused on promoting and enhancing payment security practices within Japan.