Sr. Governance, Risk, and Compliance Specialist

Employment Type: Full-time

Position Overview

As a global leader in cybersecurity, CrowdStrike protects the people, processes, and technologies that drive modern organizations. Since 2011, our mission hasn’t changed — we’re here to stop breaches, and we’ve redefined modern security with the world’s most advanced AI-native platform. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe, and their lives moving forward. We’re also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We’re always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation, and a fanatical commitment to our customers, our community, and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.

The Sr. Governance, Risk, and Compliance Specialist is charged with leading CrowdStrike's ISMAP certification efforts while supporting broader global compliance initiatives through the company's Governance, Risk, and Compliance (GRC) program. This role will primarily focus on maintaining ISMAP certification and other international standards while ensuring alignment with CrowdStrike's global compliance framework. The position requires a deep understanding of Japanese compliance requirements alongside global security standards and frameworks.

Responsibilities

• Lead ISMAP certification processes, including documentation preparation, control implementation, and audit coordination.
• Maintain multiple compliance frameworks including SOC 2, ISO/IEC 27001:2022, ISO/IEC 27017:2015 CSA STAR, C5, PCI DSS, TISAX, and other relevant certifications.
• Facilitate internal and external audits, including evidence collection, control assessment, monitoring, and reporting.
• Conduct third-party controls evaluations and risk assessments.
• Collaborate with various internal teams to define and prioritize remediation efforts.
• Respond to customer inquiries regarding compliance and security controls.
• Develop and maintain compliance documentation in both English and Japanese.
• Perform other duties within the scope of governance, risk, and compliance as needed.

Requirements

• 5 to 8 years of information security program management experience, with most of the years preferably specialized in ISMAP.
• Native/Business level Japanese language proficiency.
• Demonstrated experience with the ISMAP certification process and requirements.
• Strong understanding of compliance certifications and frameworks like SOC 2, CSA STAR, ISO/IEC 27001:2022, ISO/IEC 27017:2015, PCI DSS, TISAX, IRAP, and NIST 800-53.
• Ability to build rapport and maintain relationships across a multitude of functions within an organization.
• Fundamental technical understanding of key technologies such as operating systems, networks, application development, databases, virtualization, and cloud infrastructure.
• Bachelor’s or Master’s degree in a related field (or equivalent experience).

Bonus Points

• Experience with Japanese government or regulated industry compliance requirements.
• Program management experience in scoping audits and/or assessments, maintaining a compliance program, and leading project initiatives.
• Ability to think strategically about a uniform compliance program.
• Relevant certifications (CISA, CISSP, ISO Lead Auditor).
• Experience with GRC tools and automation.
• Knowledge of global privacy regulations (GDPR, APPI).
• Cloud security and compliance experience.
• Project management certifications.
• Experience with CrowdStrike products or services.
• Strong documentation skills in both English and Japanese.

Additional Information

• This role may require periodic background checks consistent with regulatory requirements.
• The position offers competitive compensation and benefits, with opportunities for professional growth and development.
• #LI-DL1
• #LI-Remote

This role will require the candidate to periodically undergo and pass additional background checks consistent with regulatory requirements.