Risk and Compliance Manager

About HOYA

Founded in 1941 in Tokyo, Japan, Hoya is a global med-tech company, and a leading supplier of innovative high-tech and medical products. Hoya is active in the fields of healthcare and information technology providing eyeglasses, medical endoscopes, intraocular lenses, optical lenses as well as key components for semiconductor devices, LCD panels and HDDs. With about 160 offices and subsidiaries worldwide, Hoya currently employs a multinational workforce of about 38,000 people.

Job Purpose

To protect and enhance the organization's digital systems and processes by developing and implementing strategies, policies, and procedures that mitigate risks and ensure business continuity during disruptive events. Collaborate with cross-functional teams to identify, assess, and prioritize digital related risks, while ensuring compliance with industry standards and regulations. By developing comprehensive digital system recovery plans, coordinating recovery efforts, and fostering stakeholder engagement this role will play a pivotal role in safeguarding the organization's systems and data and minimizing interruptions to operations.

Job Responsibilities

1. Risk Management:

2. Conducts risk assessments for various departments and functions, analyzing potential business impact due to loss of digital systems

3. Identify, analyze, and evaluate digital systems and data related risks, including potential threats, vulnerabilities, and impacts on business continuity

4. Develop and implement risk mitigation strategies and controls to minimize the likelihood and impact of disruptions

5. Conduct regular risk assessments and gap analyses to identify emerging risks and recommend appropriate risk treatment measures

6. Monitor and report on risk indicators and metrics to ensure proactive risk management

7. Business Continuity Planning:

8. Align recovery time and point objectives with requirements from the business and technical/financial viability for critical systems

9. Ensure system specific recovery playbooks for critical digital systems are designed, documented and maintained by the relevant technical teams, and capable to support the agreed recovery time, and point objectives

10. Develop comprehensive continuity plans with the business that defines how they will continue to operate while system recovery is ongoing; reviews, revises, and expands existing plans and protocols

11. Ensure business continuity plans are developed, owned and maintained by business stakeholders

12. Conduct regular tests, drills, and exercises to validate the effectiveness of system recovery plans and identify areas for improvement

13. Compliance and Regulatory Requirements:

14. Stay up to date with relevant industry standards, best practices, and regulatory requirements related to IT risk management and business continuity

15. Ensure compliance with applicable laws, regulations, and contractual obligations

16. Conduct periodic audits and assessments to evaluate compliance

17. Implement corrective actions for compliance gaps

18. Stakeholder Engagement:

19. Collaborate with internal stakeholders, including IT teams, executive management, and business units, to understand their requirements and align risk management and business continuity initiatives with organizational goals

20. Provide guidance and support to business units during the development and implementation of business continuity plans

21. Act as a subject matter expert on IT risk management and business continuity, providing training and awareness programs to enhance the organization's overall resilience

22. Develops (with support from vendor) and provides staff training on risk management/business continuity and disaster recovery

23. Support the Group IT Director, Head of Security in the definition of the strategic orientations of digital risk management at Hoya

24. Participates in the organization's business continuity planning together with HSE, Risk to align the organizations emergency management plan with established best practices

Internal Relationships:

• Hoya BCM Sponsors, CEO's office, IT Security Committee, IT Audit, Internal Control, Risk, etc.

External Relationships:

• 3rd party vendor (e.g., SOC) and external auditor, local regulation authorities

Education/Training Qualifications:

• University degree/College diploma in the field of computer science and/or information security

Experience:

• 10+ years' experience, preferably with a background in IT Operations and Risk governance process

• Proven experience developing and implementing IT business continuity plans and strategies

• Excellent strategic, problem solving, and analytical skills

• Background in hypothetical situations and concepts and to identify risks and weaknesses in various business processes

• Ability to collaborate with others to develop an emergency plan

• Strong knowledge of IT risk management frameworks, such as ISO 27001, NIST Cybersecurity Framework, or COBIT

• Familiarity with relevant regulatory requirements (e.g., GDPR, HIPAA, SOX) and industry standards (e.g., PCI DSS)

• Excellent analytical and problem-solving skills, with the ability to assess and prioritize risks effectively

• Strong communication and interpersonal skills to collaborate with stakeholders at all levels

• Experience in incident response and crisis management is preferred

• Professional certifications such as Certified Business Continuity Professional (CBCP) or Certified Information Systems Security Professional (CISSP) are a plus

• Creation, management or administration of policies and processes with superior written and verbal communication skills