About Us

Sophos is a global leader and innovator of advanced security solutions for defeating cyberattacks. The company acquired Secureworks in February 2025, bringing together two pioneers that have redefined the cybersecurity industry with their innovative, native AI-optimized services, technologies and products. Sophos is now the largest pure-play Managed Detection and Response (MDR) provider, supporting more than 28,000 organizations. In addition to MDR and other services, Sophos’ complete portfolio includes industry-leading endpoint, network, email, and cloud security that interoperate and adapt to defend through the Sophos Central platform. Secureworks provides the innovative, market-leading Taegis XDR/MDR, identity threat detection and response (ITDR), next-gen SIEM capabilities, managed risk, and a comprehensive set of advisory services. Sophos sells all these solutions through reseller partners, Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) worldwide, defending more than 600,000 organizations worldwide from phishing, ransomware, data theft, other every day and state-sponsored cybercrimes. The solutions are powered by historical and real-time threat intelligence from Sophos X-Ops and the newly added Counter Threat Unit (CTU). Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.

Role Summary

Cybersecurity risk advisor consultants not only identify cybersecurity risks and propose solutions but also lead projects for clients facing increasingly sophisticated security threats. We provide comprehensive support through activities such as helping strengthen incident response preparedness by assisting with the development of policies, delivering various training sessions and advisories, creating procedures to enhance incident response frameworks, and conducting tabletop exercises.

In addition to experience in system administration and operations, candidates should possess the ability to design and facilitate training and workshops, have a solid understanding of cybersecurity principles, recognize the importance of protecting an organization's infrastructure and information, and be aware of the practical limitations of implementation. Even those without prior consulting experience but with a strong interest in cybersecurity will find opportunities here to gain valuable experience as consultants.

サイバーセキュリティリスクアドバイザーコンサルタントは、日々巧妙化するセキュリティ脅威に対面するお客様に対し、プロジェクトをリードしながら、サイバーセキュリティ上のリスクを特定し、課題解決のための推奨改善案を提示するだけなく、セキュリティガバナンスの分野の専門家としてあらゆるお客様のセキュリティ向上に対する活動に対して、規程策定支援や各種トレーニング、アドバイザリー、インシデント対応態勢強化のための手順策定や机上訓練などを通して、サイバーインシデントに備えた対応強化支援などの活動を通してご支援を行います。

システム管理、運用の経験はもちろんのこと、トレーニングやワークショップなどを企画するファシリテーターとしての能力、サイバーセキュリティについての専門的な理解、組織のインフラや情報を保護することの必要性、それを実装するための制限事項についての理解、知識をお持ちの方など、コンサルタントの経験がない方でもサイバーセキュリティに興味を持ち、コンサルタントとしての経験を積みたい方にも活動の場所があります。

What You Will Do

Security consulting related to cybersecurity risk management

Support for CSIRT development, including incident management, security governance, strategic advisory, and other professional services

Assistance with security assessments and roadmap development, as well as the formulation of security policies

Technical security management, including providing guidance and recommendations on business-related security issues

Leading projects in collaboration with team members and maintaining proactive engagement with clients

'-サイバーセキュリティリスク管理に関連するセキュリティコンサルティング

-インシデント管理を伴うCSIRT構築支援,セキュリティガバナンス,戦略的アドバイザリー,他プロフェッショナルサービスの提供

-セキュリティアセスメントおよびロードマップ策定支援,セキュリティポリシー策定支援など

-技術的なセキュリティ管理,およびビジネス上の問題に関するガイダンスや推奨事項の提供

-プロジェクトメンバーと連携したプロジェクトリード,お客様との主体的な連携

What You Will Bring

At least 5 years of experience in information security, cybersecurity, or consulting (e.g., security assessments, security governance, CSIRT development, incident response, vulnerability management, conducting tabletop exercises/information security training, system operations and maintenance, etc.)

Experience with and understanding of the following security frameworks: ISO/IEC 27001/27002, NIST Cybersecurity Framework (CSF), NIST SP 800 series, CIS Critical Security Controls

Fluent in Japanese

'-情報セキュリティ、サイバーセキュリティ領域での業務もしくはコンサルティング経験５年以上例）セキュリティアセスメント、セキュリティガバナンスマネジメント、CSIRT構築、インシデント対応、脆弱性管理　・机上訓練/情報セキュリティ教育の実施経験、システム運用保守など

-次のセキュリティフレームワークを理解、活用した活動経験 ISO27001/2、NIST CSF、NIST SP800シリーズ CISクリティカルセキュリティ

日本語に堪能

Desirable

Degree in Computer Science or Information Systems

Security certifications (e.g., CISSP, CISA, CISM)

Fluent in English

Knowledge and experience in key security technologies, processes, and methodologies

'-コンピュータサイエンスまたは情報システム関連の学位

セキュリティ関連認定資格：例　CISSP、CISA、CISM等

‐英語に堪能

－以下のようなセキュリティテクノロジー、プロセス、および方法論に関する知識と経験

　・リスク評価とリスク管理

　・インシデント管理とCSIRTの運用

　（インシデント対応プロセス、一般的なフォレンジックツールなどについての知識）

・監査、ログ記録、および監視の制御

　・サプライチェーンマネジメント

　・事業継続/ディザスタリカバリ

　・ネットワークセキュリティ

　（IPネットワークのアーキテクチャとテクノロジー、プロトコル、ルーティング、IDS/IPSツールとアプリケーションに関する知識、ホスト/ネットワークのアクセス制御メカニズムに関する知識）

　・システムセキュリティ

　（システム、ネットワーク及びOSのハードニング技術に関する知識　例：不要なサービスの削除、パスワードポリシー、ネットワークセグメンテーション、ロギングの有効化、最小特権など、脆弱性管理、診断に関する知識）

　・工場やプラントなどの制御機器を制御し運用するシステム（＝OT（Operational Technology））に関するセキュリティポリシー策定・アセスメント・セキュアな開発支援

Additional Information

#LI-FC1

#B2

#LI-Remote

Ready to Join Us?

At Sophos, we believe in the power of diverse perspectives to fuel innovation. Research shows that candidates sometimes hesitate to apply if they don't check every box in a job description. We challenge that notion. Your unique experiences and skills might be exactly what we need to enhance our team. Don't let a checklist hold you back –we encourage you to apply.

What's Great About Sophos?

· Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach. Please refer to the location details in our job postings for further information.

· Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit

· Employee-led diversity and inclusion networks that build community and provide education and advocacy

· Annual charity and fundraising initiatives and volunteer days for employees to support local communities

· Global employee sustainability initiatives to reduce our environmental footprint

· Global fitness and trivia competitions to keep our bodies and minds sharp

· Global wellbeing days for employees to relax and recharge

· Monthly wellbeing webinars and training to support employee health and wellbeing

Our Commitment To You

We’re proud of the diverse and inclusive environment we have at Sophos, and we’re committed to ensuring equality of opportunity. We believe that diversity, combined with excellence, builds a better Sophos, so we encourage applicants who can contribute to the diversity of our team. All applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, sex, gender reassignment, marital status, race, religion or belief, color, age, military veteran status, disability, pregnancy, maternity or sexual orientation. We want to give you every opportunity to show us your best self, so if there are any adjustments we could make to the recruitment and selection process to support you, please let us know.

Data Protection

If you choose to explore an opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights. For more information on Sophos’ data protection practices, please consult our Privacy Policy Cybersecurity as a Service Delivered | Sophos

Sophos

Cybersecurity Risk Advisor Consultant

Similar Legal Jobs

Product/Applications Security Engineer (copy)

Security Engineer

Systems Security Engineer (Infrastructure)

Network Security Engineer