Senior Security Compliance Analyst

Job Description 【グローバルな視点と日本の基準を繋ぐ、セキュリティ・コンプライアンスのスペシャリストを募集】 Zendeskの東京オフィスにて、日本のISMAPやJ-SOX対応をリードし、グローバルチームと連携しながらクラウドネイティブなセキュリティ体制を構築するSenior Security Compliance Analystを募集しています。単なる「監査」に留まらず、AWS等の最新技術を活用し、エンジニアリングチームの戦略的パートナーとして活躍いただける、やりがいのあるポジションです。 Join Zendesk Tokyo as a Senior Security Compliance Analyst to bridge global standards with Japanese requirements (ISMAP/J-SOX). This is a high-impact, partner-first role where you will collaborate with global engineering teams to secure our cloud-native environment while navigating the local regulatory frontier. Who we’re looking for At Zendesk, we believe trust is the foundation of every customer relationship. We are seeking a sophisticated GRC professional who thrives at the intersection of Cloud Technology and Regulatory Strategy . You are a Security Advocate who understands that in a high-velocity SaaS environment, compliance must be as agile as the code itself. You are comfortable navigating the nuances of Japanese local requirements while ensuring alignment with global standards like HIPAA and PCI DSS. What you’ll be doing As a cornerstone of our APAC Security Compliance team, you will: Strategic Advisory: Research and interpret evolving laws (including Japan’s AI Guidelines) to provide clear, actionable compliance roadmaps. Risk & Audit Leadership: Lead comprehensive risk assessments and audits, ensuring our IT controls are both robust and effective. Control Design: Establish and refine audit procedures for SOX, HIPAA, and international privacy laws within a Cloud-Native framework. Cross-Functional Partnership: Act as a consultant to Product and Engineering teams to remediate findings through automated, scalable solutions. Continuous Monitoring: Document and manage the lifecycle of compliance issues, ensuring Zendesk’s Trust brand remains undisputed. What you bring to the role You combine a rigorous analytical eye with the communication skills of a consultant. You are comfortable diving into technical logs but can also present risk findings to senior leadership with ease. Basic Qualifications Experience: 4–6 years in Information Security, IT Audit, or GRC, preferably within a software or technology-driven environment. Framework Mastery: Solid understanding of ISO 27001 (ISMS) or SOC2 and how these controls apply to a cloud-based product. Audit Provenance: Experience conducting internal risk assessments or participating in at least one full audit cycle (e.g., J-SOX, PCI DSS, or PrivacyMark ). Cloud Literacy: Practical knowledge of security in environments like AWS, Azure, or GCP (managing access, encryption, and logs). Language: Business-level Japanese (for documentation and local stakeholder meetings) and business-level English (for global policy alignment and team collaboration). Preferred Qualifications ISMAP Specialist: Direct experience with ISMAP (Information System Security Management and Assessment Program) registration or maintenance. AI Governance: Familiarity with emerging AI regulations, particularly regarding data privacy in LLMs and Agentic AI. Technical Depth: Ability to perform technical verification (e.g., checking AWS Config or reviewing a Terraform script) rather than just checking a spreadsheet. Automation Focus: Experience using GRC tools (like Vanta, Drata, or ServiceNow ) to automate evidence collection. Certifications: Holder of CISA, CRISC, or CISSP . Ready to help us protect the future of CX? Zendesk is an equal opportunity employer. We value diversity and are committed to creating an inclusive environment. 「カジュアルな面談も歓迎いたします。まずは情報交換から始めませんか？」 [Keywords / 検索キーワード] セキュリティコンプライアンス / IT監査 / 内部監査 / GRC / ISMS / ISO27001 / SOC2 / ISMAP / J-SOX / クラウドセキュリティ / AWS / データプライバシー / AIガバナンス / 外資系IT / ビジネス英語 / リスクマネジメント #LI-MJ1 Hybrid: In this role, our hybrid experience is designed at the team level to give you a rich onsite experience packed with connection, collaboration, learning, and celebration - while also giving ... (truncated, view full listing at source)