Manager, Data Protection & Information Security Efficacy

Otsuka Pharmaceutical Companies (U.S.)
Princeton, United States of America
31 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 181K

Job location

Princeton, United States of America

Tech stack

API
Amazon Web Services (AWS)
Software System Penetration Testing
Azure
Cloud Computing Security
Computer Security
Data Loss
Power BI
Phishing
Web Applications
Google Cloud Platform
Information Technology

Job description

The Data Protection & Information Security Efficacy Manager reports to the Business Information Security Officer (BISO) and collaborates with business and IT colleagues to deliver critical capabilities in support of strategic information security goals. This includes the operational management of data protection solutions, the delivery and reporting of information security program metrics, the adversary simulation services, contributions to security awareness & training and other business-facing information security services as assigned. The role requires excellent communication skills and the ability to support multiple efforts across information security disciplines.

As a member of the Information Security team and under the supervision of BISO, the Data Protection & Information Security Efficacy Manager is responsible for execution and maintenance of information protection solutions in alignment with the IS strategy and roadmap. Responsibilities include configuring and managing information security capabilities and rules/policies; monitoring control effectiveness; and partnering with business and IT teams to drive timely remediation. The role also supports the ongoing identification, classification, and protection of vital and restricted ("crown jewel") data. Additional responsibilities include developing, maintaining, and reporting key metrics that demonstrate the performance, value, and maturity of the information security program. The individual will also contribute to the information security awareness program by supporting continuous education activities, including recurring phishing simulations. This role requires the ability to manage multiple priorities simultaneously, while operating independently with limited supervision.

Data Protection

  • Configure, operate, and maintain DSPM and data protection technology platform, including classifiers, policies, correlation logic, and enforcement controls, to ensure consistent alignment with the enterprise information protection strategy.
  • Partner with business and IT teams to identify vital and sensitive company data and implement the appropriate protection controls.
  • Monitor and respond to alerts or reports of potential information or data exposure, coordinating with SOC and IT teams as needed to ensure timely analysis and response.
  • Perform root cause analysis for identified threats or exposure events and drive corrective actions to prevent recurrence.
  • Maintain, refine, and enhance information protection rulesets in collaboration with information security, business stakeholders, and IT teams, supporting the identification, remediation, or mitigation of data protection gaps.

Information Security Program Metrics

  • Responsible for collection, analysis, and reporting of key performance indicators (KPIs) and key risk indicators (KRIs) across all information security program domains to measure control effectiveness and overall program maturity.
  • Develop and maintain near-real-time dashboards that provide transparency into program performance, risk trends, and operational metrics for stakeholders and leadership.
  • Conduct periodic benchmarking of the information security program by coordinating with BISO, Information Security, IT, and other stakeholders to evaluate progress against internal targets and industry standards.

Adversary Simulation & Penetration Testing

  • Partner with IS and IT teams to execute the organization's annual strategy and roadmap for adversary simulations and internal and external penetration testing across network, web applications, and critical systems.
  • Support oversight of third-party selection, planning, and execution of internal and external testing activities, ensuring alignment with approved methodologies and rules of engagement.
  • Evaluate and synthesize test results to identify systemic risks, control weaknesses, and emerging patterns.
  • Partner with security, IT, and business stakeholders to ensure remediation actions are prioritized, tracked, and validated.
  • Prepare input and summaries for executive-level reporting on testing outcomes, risk posture, and improvements to strengthen overall security resilience.

Security Awareness & Training

  • Support the BISO in the development and delivery of organization-wide information security training content.
  • Establish and publish technical security guidance in coordination with information security colleagues.
  • Participate in the design and assessment of phishing simulation campaigns to assess employee awareness through the company's phishing delivery platform.

Requirements

To be successful in this Information Security Assurance Manager role, you must have and maintain knowledge of the information and cybersecurity frameworks and best practices, exhibit strong analytical skills and judgement, and demonstrate excellent communication in collaboration with stakeholders. You must also stay up to date with industry advancements and continuously improve security protocols to protect the organization's data from threats.

  • 8+ years of experience in information security, including experience in data loss protection, insider risk management, information security metrics and simulations.
  • Experience with Data Protection platforms BigID and Purview.
  • Experienced in building Power BI dashboards, integrating data through API connections, and developing automation workflows to streamline reporting and operational processes.
  • Excellent communication and interpersonal skills, with the ability to explain complex technical concepts to non-technical stakeholders, both verbally and in writing.
  • Experience with cloud security (e.g., AWS, Azure, Google Cloud) is desirable.
  • Strong understanding of cybersecurity frameworks and best practices.
  • Convey a can-do approach, even in the face of obstacles and constraints, by assessing what is in front of you and effectively and efficiently optimizing what you have, whether it is working on something new or thinking about how to do something better.
  • Demonstrate teamwork and communication skills through knowledge sharing, collaboration, and relationship-building.
  • Exhibit the capacity to actively learn and apply specific domain knowledge and best practices to continually enhance and improve.

Educational Qualifications

  • Bachelor's degree in Computer Science, Information Security, or a related field.
  • Certifications such as CISSP, CISM, CISA, or similar are highly desirable.

  • Accountability for Results - Stay focused on key strategic objectives, be accountable for high standards of performance, and take an active role in leading change.
  • Strategic Thinking & Problem Solving - Make decisions considering the long-term impact to customers, patients, employees, and the business.
  • Patient & Customer Centricity - Maintain an ongoing focus on the needs of our customers and/or key stakeholders.
  • Impactful Communication - Communicate with logic, clarity, and respect. Influence at all levels to achieve the best results for Otsuka.
  • Respectful Collaboration - Seek and value others' perspectives and strive for diverse partnerships to enhance work toward common goals.
  • Empowered Development - Play an active role in professional development as a business imperative.

Minimum $121,103.00 - Maximum $181,125.00, plus incentive opportunity: The range shown represents a typical pay range or starting pay for individuals who are hired in the role to perform in the United States. Other elements may be used to determine actual pay such as the candidate's job experience, specific skills, and comparison to internal incumbents currently in role. Typically, actual pay will be positioned within the established range, rather than at its minimum or maximum. This information is provided to applicants in accordance with state and local laws.

Benefits & conditions

Company benefits: Comprehensive medical, dental, vision, prescription drug coverage, company provided basic life, accidental death & dismemberment, short-term and long-term disability insurance, tuition reimbursement, student loan assistance, a generous 401(k) match, flexible time off, paid holidays, and paid leave programs as well as other company provided benefits.

About the company

To ensure that you are communicating about a legitimate job opportunity at Otsuka, please only deal directly with Otsuka through its official Otsuka Career website https://vhr-otsuka.wd1.myworkdayjobs.com/en-US/External.
