Rakuten

PCI DSS Specialist (ISPD)

Job Summary

Conditions
  • Japan, Tokyo
  • Partial remote
  • Apply from Anywhere
Language Requirements
  • English: Business
  • Japanese: Not required
Key skills
  • Linux
  • TCP/IP
Security Engineer|RakutenSecurity Engineer|RakutenSecurity Engineer|Rakuten

Job Description

Job Role

Security Engineer

Job Description

Department Overview The role is situated within the International Standards & Systems Section (ISSS), which falls under the Information Security & Privacy Governance Department at Rakuten Group Headquarters. The primary objective of the ISSS is to implement Governance, Risk, and Compliance (GRC) practices throughout the entirety of Rakuten Group, following globally recognized best practices. Why We Hire Ensure the Payment Card Industry Data Security Standard (PCI DSS) compliance for all non-Fintech services within Rakuten Group. Make valuable contributions to multiple industries such as the PCI Security Standards Council (PCI SSC) and the Japan Card Data Security Committee (JCDSC). Position Details: This position entails the auditing and management of Payment Card Industry Data Security Standard (PCI DSS) requirements and controls throughout Rakuten Group. The department is entrusted with the responsibility of ensuring PCI DSS compliance for Rakuten Group companies operating outside the Financial Technology (FinTech) sector. The primary tasks involve evaluating controls and risks within business systems from an information security perspective. Responsibilities: Audits / Assessments ・Provide support to businesses during PCI DSS external audits through consultations, addressing inquiries, and participating in feedback sessions. ・Conduct internal PCI DSS audits for small and medium-sized businesses within the organization. ・Perform risk assessments for business and system operations, including design evaluation. Projects ・Actively participate in projects aimed at enhancing PCI DSS standards and contribute to their improvement.

Required skills & Experience

Basic qualifications

- Bachelor’s degree in an IT-related major. - 4+ years working experience. - Basic skills and knowledge on IT infrastructure. (TCP/IP, network, Linux/Windows OS, authentication, directory service). - 2 years’ experience in development, or -2 years’ operation on information systems (applications or infrastructures) OR 2 years’ experience in information security or relevant areas. - English level: TOEIC 800 or above

Preferred qualifications

- Qualification: QSA, ISA, PCIP, ISO27001 Internal Auditor or CISA - Work Experience - PCI DSS Assessments - Risk Management - Internal Audit - System Development/Operation

Tech stack

The PCI DSS team comprises four members with diverse backgrounds, led by a senior manager. Each member primarily functions as a PCI DSS auditor. Additionally, two team members have dual responsibilities, as they are also responsible for the operation and development of the Governance, Risk, and Compliance (GRC) tool, specifically RSA Archer. Presently, the team is comprised of three mid-career professionals, along with a new graduate of 2022. The team leader is the first and the only Board of Advisors of PCI SSC(the international organization for payment security standards) from Japan, with one staff as his backup. Moreover, a senior specialist within the team serves as a Technology Advisory Board member for the PCI SSC, contributing their expertise to the development and advancement of payment security standards. Furthermore, two team members actively participate as members of the administrative office of the Japan Card Data Security Committee (JCDSC), a local community focused on promoting and enhancing payment security practices within Japan.

Job Details

Employment type
Full-time
Location
Japan, Tokyo
Apply from
Anywhere
Remote work
Partial remote
Working hours
9:00am - 5:30pm (Every Monday, work hours are from 8:00am to 4:30pm due to morning meeting)
Holidays
・2 days off per week (Saturdays, Sundays, and national holidays are holidays)
・10-20 days of annual paid vacation (the minimum number of days is the number of days granted after six months of employment)
・120 days off per year
In addition, year-end and New Year vacations, paid vacation, congratulation or condolence leave, maternity and paternity leave, etc.
*Once a year, you can take 9 to 12 consecutive holidays by using the long vacation (Success Vacation) system.
Employee benefits
・Commuting allowance
・Housing allowance
・Health insurance
・Employee pension insurance
・Unemployment insurance
・Workers' accident compensation insurance
・Retirement allowance system
Supplemental education and qualification support
・OJT
・English learning support (in-house TOEIC(R) test IP test, English conversation, etc.)
・Career challenge system (challenge the department of your choice)
・Job return system (rehiring system for those who retired due to marriage, childbirth, nursing care, etc.), etc.
Other
・Stock Option Plan
・Cafeteria system with three free meals
・LILO Club (preferential treatment at sports clubs, accommodations, leisure facilities, movie theaters, etc.)
・LILO Club (sports clubs, lodging, leisure facilities, movie theaters, etc.) (Running, mountain climbing, cooking, etc., part of the expenses paid by the company)
・Reward system
・Free English conversation lessons by native English speakers
・Support system for certification acquisition
・Qualification support system, etc.
You must agree to the terms and conditions and the privacy policy