Job Description

At NTT we believe that by using innovative technology we can solve global challenges and create a world that is sustainable and secure. We are looking for curious people, from diverse backgrounds, that are keen to work in a fast-paced and agile environment.
At NTT we trust our employees to do the right thing, even when no one is watching, which is why we offer flexibility in the workplace. The majority of our roles are hybrid, meaning we encourage a balance of working from home and our local office. Ask our recruitment team if this is a hybrid role. Want to be a part of our team? The Senior Compliance Officer is a global position that supports the orchestration of information security governance, risk and compliance activities for NTT Ltd.
This role supports the business and helps protect the reputation of NTT Ltd by taking responsibility for aligning IT security with business security, ensuring that information security is effectively managed in all service and business activities within this role’s remit. The primary focus for the Senior Compliance Officer role is to contribute to and maintain the security compliance programme and execute the relevant processes and controls to monitor compliance practices to avoid breaching laws, regulations, policies, contractual and other security obligations. Working at NTT Key Roles and Responsibilities

• Monitor ongoing organizational compliance with change management, logical and physical access, IT operations and other control procedures as deemed necessary by Management or Regional Information Security Officer (RISO) from time to time
• Provide oversight and monitoring of the established risk-based compliance programs
• Perform detailed tests of Compliance controls based on documented testing steps to ensure NTT Limited system compliance with policies, procedures, laws, and regulations
• Conducts complex investigations in response to complaints and/or potential violations of rules, regulations, policies and procedures
• Summarize and communicate results of testing in a timely, clear, and concise manner
• Apply critical thinking to interpret data and documentation to determine whether it adequately meets the policy and regulatory requirements, including documenting the rationale behind the decisions
• Summarize test results and data sets and incorporate results them into informative management reporting
• Communicate gaps and opportunities for improvement in testing and monitoring program so that the program is continuously improving
• Monitors investigations and documentation of cybersecurity compliance issues and incidents.
• Reviews information security risk findings and non-compliance with business leaders/RISO and proposes solutions to mitigate risks.
• Assist with adopting, standardising and configuring compliance management workflows.
• Make recommendations and assist with drafting and reviewing suitable standard operating procedures, workflow diagrams, and associated compliance and end user training documentation to align with corporate policies
• Collaborate and consult with peers, colleagues and managers to resolve issues and achieve goals
• Receive direction from leaders and exercise independent judgment while developing the knowledge to understand function, policies, procedures, and compliance requirements
• Work closely with RISO and other business teams as required to understand IS related challenges and develop plans aimed at meeting those challenges
• Interpret information security policies, standards, and other requirements as they relate to a specific internal information system and assist with the implementation of these and other information security requirements
• Identify potential risks, incidents and problems before they occur
• Identify, classify and record problems for all recurring issues and incidents to determine their root cause and assist with ensuring that reported incidents and problems are solved and proactively reviewed to ensure the development of remedial action
• Document the learnings (what's gone well and what could have been done differently) from the compliance reviews and work on improving the processes
• Ensure the proactive management of risk and update, as well as contribute to the maintenance of a “Risk Register”
• Assist with the provision of information to senior management on risk issues and assist with the provision of a treatment plan to manage these
• Ensure that all relevant information regarding risk is accurate and kept up to date and document progress against activities identified in the risk management plan and provide regular reports on problem status
• Leverage security and risk-related systems including but not limited to:
• Vulnerability management
• Endpoint protection
• Log management/SIEM
• Hands-on knowledge of information security technologies such as security design review, threat modelling, risk analysis, and software testing techniques
• Identify opportunities and drive the implementation of automation
• Mitigate enterprise vulnerabilities and reduce attack surface vectors identified through controls implementation
• Help ensure compliance with applicable data security laws, regulations, certifications and customer requirements
• Deliver the design and operation of related security controls and improvement activities to ensure compliance both with internal security policies and applicable laws and regulations
• Produce non-compliance and other reports that are necessary for the correct operation of processes
• Identify failures and shortcomings in the current processes and escalate with recommendations

Knowledge Skills and Attributes

• Excellent written communication skills, with a focus on translating technically complex issues into simple, easy to understand concepts
• Results oriented, high energy, self-motivated with the ability work independently
• Ability to collaborate first and foremost and exercise cross-team co-operation and influence
• Exceptional attention to detail and takes pride in delivering demonstrated results
• Goal oriented while exhibiting persistence in follow up, escalation, and resolution
• Ability to multi-task projects, assignments and daily workload while maintaining timely deliverables
• Ability to code or willingness to learn scripting languages such as Python, PowerShell, bash, DOS etc.
• Great interpersonal skills with the ability to develop strong client (Internal / External) relationships
• Team player who is willing to develop and share IP with a strong client service orientation
• Highly developed technical capability across a broad range of Security products / solutions

Academic Qualifications and Certifications

• Relevant bachelor’s degree, such as a Computer Science degree or equivalent
• Security certifications – ISO27001 Lead Auditor; CISA, CRISC or equivalent
• Highly Desirable: Information Technology / ITILSM / ICT Security / ITIL v3 CISM

Required Experience

• 3+ years relevant experience gained within the Technology Information Security Industry
• 3+ years relevant experience with auditing, security compliance and risk management
• Demonstrable experience gained within the Technology Information Security Industry
• Demonstrable experience with auditing, security compliance and risk management
• Working knowledge of technical aspects of Information Security, which may include cloud security, application security, Identity and Access Management and infrastructure configuration & hardening, or encryption management
• Good understanding of global standards such as ISO 27001, NIST, CIS and GDPR.
• Consulting experience is advantageous

What will make you a good fit for the role?

• Have wide-ranging experience
• Flexibility to support global time zone when and as required.
• Uses professional concepts and company objectives to solve complex issues in creative ways
• Networks with others outside own area of expertise
• Exercises judgment in selecting methods, techniques and evaluation criteria to obtain results
• May coordinate others’ activities
• Typically requires significant related experience with a Bachelor’s or equivalent degree

Join our growing global team and accelerate your career with us. Apply today.



Equal opportunity employer NTT is proud to be an equal opportunity employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, color, sex, religion, national origin, disability, pregnancy, marital status, sexual orientation, gender reassignment, veteran status, or other protected category.