Chief Information Security Officer (CISO)

The Company

HOYA Group: Founded in 1941 in Tokyo, Japan, HOYA Corporation is a global technology and med-tech company and a leading supplier of innovative high-tech and medical products. HOYA's divisions and business units research and develop products utilized in the healthcare and information technology fields. In the healthcare field, we provide medical device products such as eyeglasses, medical endoscopes, contact and intraocular lenses, orthopedic implants, surgical/therapeutic devices and medical device reprocessing and disinfection solutions. In the information technology field, we provide products such as optical lenses, photomasks and blanks used in the manufacturing process for semiconductor and LCD/OLED devices, text-to-speech, human resources and other software solutions and critical components for the mass memory and cloud storage industries. With over 150 offices and subsidiaries worldwide, HOYA currently employs a multinational workforce of 37,000 people.

The Position

The Chief Information Security Officer (CISO) is responsible for establishing and leading the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO leads the cyber and information security functions across the global enterprise, ensuring adherence to security best practices, regulatory compliance, risk management, and incident response preparedness. This role is pivotal in driving a culture of security awareness and accountability at all levels of the organisation

Key Stakeholders

Internal Relationships:

• Division Technology leaders, managers, and teams.
• Senior leadership, including executives and department heads
• Cross-functional teams involved in transformation projects.

External Relationships:

• Regulatory bodies, industry associations, and external partners.

Major Responsibilities

Strategic Leadership

• Develop and execute a holistic cybersecurity strategy aligned with business goals.
• Lead the development and implementation of global information security policies, standards, and procedures.
• Serve as a key advisor to executive leadership on all cybersecurity matters.

Governance, Risk & Compliance

• Oversee the enterprise-wide information risk management program.
• Ensure compliance with applicable regulations, industry standards, and internal policies (e.g., NIST CSF, ISO 27001, GDPR)
• Lead internal and external security audits, assessments, and regulatory reviews.

Security Operations & Incident Response

• Oversee day-to-day monitoring and protection of information systems.
• Lead the security operations centre (SOC), threat detection and response activities.
• Establish and manage incident response plans and crisis communication protocols.

Architecture & Technology Oversight

• Define secure architecture standards and ensure security is embedded in solution design and delivery.
• Guide the adoption of zero-trust principles, cloud security, and modern access control mechanisms (e.g., SASE, IAM).
• Oversee selection and implementation of security tools (e.g., SIEM, Vulnerability Management, DLP, etc.).

Team Leadership & Culture

• Build, lead and develop a strong, well-functioning, high-performing cybersecurity team with clear accountability, strong engagement, and effective operating rhythms.
• Foster a strong culture of information security awareness and ownership.
• Collaborate effectively within the leadership team and across division stakeholders to align priorities, drive decisions, and embed security into business and technology operations.
• Ensure a high standard of detail, rigour, and accuracy in analysis, recommendations, and executive materials, producing outputs that are consistently CxO-ready.
• Build core security capabilities, governance foundations, processes, and disciplines from the ground up where needed, including the essential operational work required to create a sustainable function.

Vendor and Third-Party Risk Management

• Lead evaluation and monitoring of third-party vendors security postures.
• Define and enforce security requirements in procurement and outsourcing contracts.

Key Deliverables

• % reduction in cybersecurity incidents year-over-year
• Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) to security incidents.
• % completion of employee security awareness training.
• Number of successful audits with no major findings.
• % of systems compliant with patching SLAs.
• Maturity level improvements aligned to NIST CSF or other frameworks.
• Executive and board confidence in the security posture.
• Quality of incident response readiness and tabletop exercises.
• Stakeholder satisfaction with the cybersecurity function, including collaboration across stakeholders.
• Effectiveness of cross-functional collaboration and integration.
• Strength of team leadership, including the ability to build a cohesive, high-performing, and well-functioning organisation.
• Quality, accuracy, and executive readiness of security outputs, reports, and materials provided to senior leadership.
• Effectiveness in establishing foundational capabilities, processes, and controls from the ground up to create a scalable and sustainable security function.

Qualifications

Required Qualifications

• Bachelor's or master's degree in a relevant field (e.g., Business, Management).
• Industry certifications such as CISSP, CISM, CISA, or CCISO are strongly preferred.
• Minimum of 10–15 years in progressively senior roles in cybersecurity or IT risk management.
• Experience leading enterprise-wide cybersecurity programs in global, complex environments.
• Proven success in managing crisis response and recovery during cyber incidents.
• Deep understanding of modern security architectures, cloud and hybrid environments, and compliance standards.
• someone with a keen eye for detail who takes pride in the quality and accuracy of their work
• A strong communicator and relationship builder who inspires trust and confidence with their peers and stakeholders across the business.
• A leader who can nurture and grow a high-performing team of professionals and cultivate a culture of care and collaboration.