Senior Security Compliance Analyst
Description
Job Description
【グローバルな視点と日本の基準を繋ぐ、セキュリティ・コンプライアンスのスペシャリストを募集】 Zendeskの東京オフィスにて、日本のISMAPやJ-SOX対応をリードし、グローバルチームと連携しながらクラウドネイティブなセキュリティ体制を構築するSenior Security Compliance Analystを募集しています。単なる「監査」に留まらず、AWS等の最新技術を活用し、エンジニアリングチームの戦略的パートナーとして活躍いただける、やりがいのあるポジションです。
Join Zendesk Tokyo as a Senior Security Compliance Analyst to bridge global standards with Japanese requirements (ISMAP/J-SOX). This is a high-impact, "partner-first" role where you will collaborate with global engineering teams to secure our cloud-native environment while navigating the local regulatory frontier.
Who we’re looking for
At Zendesk, we believe trust is the foundation of every customer relationship. We are seeking a sophisticated GRC professional who thrives at the intersection of Cloud Technology and Regulatory Strategy.
You are a "Security Advocate" who understands that in a high-velocity SaaS environment, compliance must be as agile as the code itself. You are comfortable navigating the nuances of Japanese local requirements while ensuring alignment with global standards like HIPAA and PCI DSS.
What you’ll be doing
As a cornerstone of our APAC Security Compliance team, you will:
Strategic Advisory: Research and interpret evolving laws (including Japan’s AI Guidelines) to provide clear, actionable compliance roadmaps.
Risk & Audit Leadership: Lead comprehensive risk assessments and audits, ensuring our IT controls are both robust and effective.
Control Design: Establish and refine audit procedures for SOX, HIPAA, and international privacy laws within a "Cloud-Native" framework.
Cross-Functional Partnership: Act as a consultant to Product and Engineering teams to remediate findings through automated, scalable solutions.
Continuous Monitoring: Document and manage the lifecycle of compliance issues, ensuring Zendesk’s "Trust" brand remains undisputed.
What you bring to the role
You combine a rigorous analytical eye with the communication skills of a consultant. You are comfortable diving into technical logs but can also present risk findings to senior leadership with ease.
Basic Qualifications
Experience: 4–6 years in Information Security, IT Audit, or GRC, preferably within a software or technology-driven environment.
Framework Mastery: Solid understanding of ISO 27001 (ISMS) or SOC2 and how these controls apply to a cloud-based product.
Audit Provenance: Experience conducting internal risk assessments or participating in at least one full audit cycle (e.g., J-SOX, PCI DSS, or PrivacyMark).
Cloud Literacy: Practical knowledge of security in environments like AWS, Azure, or GCP (managing access, encryption, and logs).
Language: Business-level Japanese (for documentation and local stakeholder meetings) and business-level English (for global policy alignment and team collaboration).
Preferred Qualifications
ISMAP Specialist: Direct experience with ISMAP (Information System Security Management and Assessment Program) registration or maintenance.
AI Governance: Familiarity with emerging AI regulations, particularly regarding data privacy in LLMs and Agentic AI.
Technical Depth: Ability to perform technical verification (e.g., checking AWS Config or reviewing a Terraform script) rather than just checking a spreadsheet.
Automation Focus: Experience using GRC tools (like Vanta, Drata, or ServiceNow) to automate evidence collection.
Certifications: Holder of CISA, CRISC, or CISSP.
Ready to help us protect the future of CX?
Zendesk is an equal opportunity employer. We value diversity and are committed to creating an inclusive environment.
「カジュアルな面談も歓迎いたします。まずは情報交換から始めませんか?」
[Keywords / 検索キーワード] セキュリティコンプライアンス / IT監査 / 内部監査 / GRC / ISMS / ISO27001 / SOC2 / ISMAP / J-SOX / クラウドセキュリティ / AWS / データプライバシー / AIガバナンス / 外資系IT / ビジネス英語 / リスクマネジメント
#LI-MJ1
Hybrid: In this role, our hybrid experience is designed at the team level to give you a rich onsite experience packed with connection, collaboration, learning, and celebration - while also giving you flexibility to work remotely for part of the week. This role must attend our local office for part of the week. The specific in-office schedule is to be determined by the hiring manager.
The intelligent heart of customer experience
Zendesk software was built to bring a sense of calm to the chaotic world of customer service. Today we power billions of conversations with brands you know and love.
Zendesk believes in offering our people a fulfilling and inclusive experience. Our hybrid way of working, enables us to purposefully come together in person, at one of our many Zendesk offices around the world, to connect, collaborate and learn whilst also giving our people the flexibility to work remotely for part of the week.
As part of our commitment to fairness and transparency, we inform all applicants that artificial intelligence (AI) or automated decision systems may be used to screen or evaluate applications for this position, in accordance with Company guidelines and applicable law.
Zendesk is an equal opportunity employer, and we’re proud of our ongoing efforts to foster global diversity, equity, & inclusion in the workplace. Individuals seeking employment and employees at Zendesk are considered without regard to race, color, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, disability, military or veteran status, or any other characteristic protected by applicable law. We are an AA/EEO/Veterans/Disabled employer. If you are based in the United States and would like more information about your EEO rights under the law, please click here.
Zendesk endeavors to make reasonable accommodations for applicants with disabilities and disabled veterans pursuant to applicable federal and state law. If you are an individual with a disability and require a reasonable accommodation to submit this application, complete any pre-employment testing, or otherwise participate in the employee selection process, please send an e-mail to peopleandplaces@zendesk.com with your specific accommodation request.