Job Description

The Data Protection & Information Security Efficacy Manager reports to the Business Information Security Officer (BISO) and collaborates with business and IT colleagues to deliver critical capabilities in support of strategic information security goals. This includes the operational management of data protection solutions, the delivery and reporting of information security program metrics, the adversary simulation services, contributions to security awareness & training and other business-facing information security services as assigned. The role requires excellent communication skills and the ability to support multiple efforts across information security disciplines.

As a member of the Information Security team and under the supervision of BISO, the Data Protection & Information Security Efficacy Manager is responsible for execution and maintenance of information protection solutions in alignment with the IS strategy and roadmap. Responsibilities include configuring and managing information security capabilities and rules/policies; monitoring control effectiveness; and partnering with business and IT teams to drive timely remediation. The role also supports the ongoing identification, classification, and protection of vital and restricted (“crown jewel”) data. Additional responsibilities include developing, maintaining, and reporting key metrics that demonstrate the performance, value, and maturity of the information security program. The individual will also contribute to the information security awareness program by supporting continuous education activities, including recurring phishing simulations. This role requires the ability to manage multiple priorities simultaneously, while operating independently with limited supervision.

Data Protection

• Configure, operate, and maintain DSPM and data protection technology platform, including classifiers, policies, correlation logic, and enforcement controls—to ensure consistent alignment with the enterprise information protection strategy.

• Partner with business and IT teams to identify vital and sensitive company data and implement the appropriate protection controls.

• Monitor and respond to alerts or reports of potential information or data exposure, coordinating with SOC and IT teams as needed to ensure timely analysis and response.

• Perform root cause analysis for identified threats or exposure events and drive corrective actions to prevent recurrence.

• Maintain, refine, and enhance information protection rulesets in collaboration with information security, business stakeholders, and IT teams, supporting the identification, remediation, or mitigation of data protection gaps.

Information Security Program Metrics

• Responsible for collection, analysis, and reporting of key performance indicators (KPIs) and key risk indicators (KRIs) across all information security program domains to measure control effectiveness and overall program maturity. ​

• Develop and maintain near–real‑time dashboards that provide transparency into program performance, risk trends, and operational metrics for stakeholders and leadership.

• Conduct periodic benchmarking of the information security program by coordinating with BISO, Information Security, IT, and other stakeholders to evaluate progress against internal targets and industry standards.

Adversary Simulation & Penetration Testing

• Partner with IS and IT teams to execute the organization’s annual strategy and roadmap for adversary simulations and internal and external penetration testing across network, web applications, and critical systems.

• Support with overseeing third party selection, planning and execution of internal and external testing activities, ensuring alignment with approved methodologies and rules of engagement.

• Evaluate and synthesize test results to identify systemic risks, control weaknesses, and emerging patterns.

• Partner with security, IT, and business stakeholders to ensure remediation actions are prioritized, tracked, and validated.

• Prepare input and summaries for executive‑level reporting on testing outcomes, risk posture, and improvements to strengthen overall security resilience.

Security Awareness & Training

• Support the BISO in the development and delivery of organization-wide information security training content.

• Establish and publish technical security guidance in coordination with information security colleagues.

• Participate in the design and assessment of phishing simulation campaigns to assess employee awareness through the company’s phishing delivery platform.

To be successful in this Information Security Assurance Manager role, you must have and maintain knowledge of the information and cybersecurity frameworks and best practices, exhibit strong analytical skills and judgement, and demonstrate excellent communication in collaboration with stakeholders. You must also stay up to date with industry advancements and continuously improve security protocols to protect the organization's data from threats.

Qualifications/ Required

Knowledge/ Experience and Skills:

• 8+ years of experience in information security, including experience in data loss protection, insider risk management, information security metrics and simulations.

• Experience with Data Protection platforms BigID and Purview.

• Experienced in building Power BI dashboards, integrating data through API connections, and developing automation workflows to streamline reporting and operational processes.

• Excellent communication and interpersonal skills, with the ability to explain complex technical concepts to non-technical stakeholders, both verbally and written.

• Experience with cloud security (e.g., AWS, Azure, Google Cloud) is desirable.

• Strong understanding of cybersecurity frameworks and best practices.

• Convey a can-do approach, even in the face of obstacles and constraints, by assessing what is in front of you and effectively and efficiently optimizing what you have, whether it is working on something new or thinking about how to do something better.

• Demonstrate teamwork and communication skills through knowledge sharing, collaboration, and relationship-building.

• Exhibit the capacity to actively learn and apply specific domain knowledge and best practices to continually enhance and improve.

Educational Qualifications

• Bachelor’s degree in computer science, Information Security, or a related field.

• Certifications such as CISSP, CISM, CISA, or similar are highly desirable.

Competencies
Accountability for Results - Stay focused on key strategic objectives, be accountable for high standards of performance, and take an active role in leading change.
Strategic Thinking & Problem Solving - Make decisions considering the long-term impact to customers, patients, employees, and the business.
Patient & Customer Centricity - Maintain an ongoing focus on the needs of our customers and/or key stakeholders.
Impactful Communication - Communicate with logic, clarity, and respect. Influence at all levels to achieve the best results for Otsuka.
Respectful Collaboration - Seek and value others’ perspectives and strive for diverse partnerships to enhance work toward common goals.
Empowered Development - Play an active role in professional development as a business imperative.

Minimum $121,103.00 - Maximum $181,125.00, plus incentive opportunity: The range shown represents a typical pay range or starting pay for individuals who are hired in the role to perform in the United States. Other elements may be used to determine actual pay such as the candidate’s job experience, specific skills, and comparison to internal incumbents currently in role. Typically, actual pay will be positioned within the established range, rather than at its minimum or maximum. This information is provided to applicants in accordance with states and local laws.

Application Deadline This will be posted for a minimum of 5 business days.

Company benefits: Comprehensive medical, dental, vision, prescription drug coverage, company provided basic life, accidental death & dismemberment, short-term and long-term disability insurance, tuition reimbursement, student loan assistance, a generous 401(k) match, flexible time off, paid holidays, and paid leave programs as well as other company provided benefits.

Come discover more about Otsuka and our benefit offerings; https://www.otsuka-us.com/careers-join-otsuka

Disclaimer:

This job description is intended to describe the general nature and level of the work being performed by the people assigned to this position. It is not intended to include every job duty and responsibility specific to the position. Otsuka reserves the right to amend and change responsibilities to meet business and organizational needs as necessary.

Otsuka is an equal opportunity employerAll qualified applicants are encouraged to apply and will be given consideration for employment without regard to race, color, sex, gender identity or gender expression, sexual orientation, age, disability, religion, national origin, veteran status, marital status, or any other legally protected characteristic

If you are a qualified individual with a disability or a disabled veteran, you may request a reasonable accommodation, if you are unable or limited in your ability to apply to this job opening as a result of your disabilityYou can request reasonable accommodations by contacting Accommodation Request

Statement Regarding Job Recruiting Fraud Scams

At Otsuka we take security and protection of your personal information very seriously. Please be aware individuals may approach you and falsely present themselves as our employees or representatives. They may use this false pretense to try to gain access to your personal information or acquire money from you by offering fictitious employment opportunities purportedly on our behalf.

Please understand, Otsuka will never ask for financial information of any kind or for payment of money during the job application process. We do not require any financial, credit card or bank account information and/or any payment of any kind to be considered for employment. We will also not offer you money to buy equipment, software, or for any other purpose during the job application process. If you are being asked to pay or offered money for equipment fees or some other application processing fee, even if claimed you will be reimbursed, this is not Otsuka. These claims are fraudulent and you are strongly advised to exercise caution when you receive such an offer of employment.

Otsuka will also never ask you to download a third-party application in order to communicate about a legitimate job opportunity. Scammers may also send offers or claims from a fake email address or from Yahoo, Gmail, Hotmail, etc, and not from an official Otsuka email address. Please take extra caution while examining such an email address, as the scammers may misspell an official Otsuka email address and use a slightly modified version duplicating letters.

To ensure that you are communicating about a legitimate job opportunity at Otsuka, please only deal directly with Otsuka through its official Otsuka Career website https://vhr-otsuka.wd1.myworkdayjobs.com/en-US/External

Otsuka will not be held liable or responsible for any claims, losses, damages or expenses resulting from job recruiting scams. If you suspect a position is fraudulent, please contact Otsuka’s call center at: 800-363-5670. If you believe you are the victim of fraud resulting from a job recruiting scam, please contact the FBI through the Internet Crime Complaint Center at: https://www.ic3.gov, or your local authorities.

Otsuka America Pharmaceutical Inc., Otsuka Pharmaceutical Development & Commercialization, Inc., and Otsuka Precision Health, Inc. (“Otsuka”) does not accept unsolicited assistance from search firms for employment opportunities. All CVs/resumes submitted by search firms to any Otsuka employee directly or through Otsuka’s application portal without a valid written search agreement in place for the position will be considered Otsuka’s sole property. No fee will be paid if a candidate is hired by Otsuka as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.