Cyber Security & Compliance Specialist

TLDR

This role is central to enabling MS1 to scale securely across regions, customers, and regulatory environments, with a focus on security and compliance initiatives for leading enterprises.

About Woven by Toyota

Woven by Toyota is enabling Toyota’s once-in-a-century transformation into a mobility company. Inspired by a legacy of innovating for the benefit of others, our mission is to challenge the current state of mobility through human-centric innovation — expanding what “mobility” means and how it serves society. Our work centers on four pillars: AD/ADAS, our autonomous driving and advanced driver assist technologies; Arene, our software development platform for software-defined vehicles; Woven City, a test course for mobility; and Cloud & AI, the digital infrastructure powering our collaborative foundation. Business-critical functions empower these teams to execute, and together, we’re working toward one bold goal: a world with zero accidents and enhanced well-being for all.

=========================================================================

TEAM

Woven’s Dojo team helps large corporations power the future of their workforce using MS1, our next-generation proprietary talent management and intelligence platform. We believe employee career progression should be purposeful, secure-by-design, AI-driven, and future-ready. MS1 is gaining strong traction in Japan and globally and aims to serve as the talent management backbone of Japan and APAC.

Our mission is to build a compelling, customer-centric Talent Management SaaS business within Woven by Toyota, serving enterprise customers and partners—starting from within Toyota and its ecosystem companies. Within the Product & Engineering organization, you will work closely with product, engineering, data, and security peers to ensure our platform is trusted by the world’s largest enterprises. This role is central to enabling MS1 to scale securely across regions, customers, and regulatory environments.

WHO ARE WE LOOKING FOR?

We are looking for a Cyber Security & Compliance Specialist to own and evolve the security, compliance, and data governance posture of MS1. You will set direction for MS1 and be hands-on where it matters most!

In this role, you will act as the senior security authority embedded within Product & Engineering, shaping how security, privacy, and compliance are designed into our platform from day one. You will lead MS1 initiatives across SOC2, GDPR, APPI, and other enterprise security requirements, while partnering closely with cross-functional engineering leadership, data teams, and our internal cyber security function.

This is a highly visible role that combines strategic leadership, hands-on technical depth, and external-facing responsibility. You will represent MS1 in customer security reviews, audits, and enterprise procurement processes, and ensure our platform earns and maintains trust at global scale. You will report to the Senior Engineering Manager, and work as a close peer to engineering, data, and security leadership in the Dojo team and across Woven by Toyota.

RESPONSIBILITIES

You will have 3 main pillars of responsibility in this role:

Customer trust and compliance (GRC and Audit)
・Co-define and coordinate MS1’s SOC2 Type II, GDPR, APPI, and similar compliance programs, partnering with engineering, data, legal, privacy, and internal security teams
・Act as the primary security representative in customer security reviews and audits (both internal and external)
・Collaborate with internal cyber security teams to align platform-level security controls, threat models, risk management, and incident response processes
・Own and define the platform security and trust strategy for MS1, aligned with product scale, enterprise customer expectations, and regulatory requirements

Platform Security
・Partner closely with engineering teams to embed secure-by-design principles across the platform
・Guide and mentor engineers on secure development practices, DevSecOps, and cloud security patterns
・Continuously assess and improve platform risk posture through threat modeling, architecture reviews, and security automation

Data Protection and Governance
・Partner closely with data teams and data scientists to embed privacy-by-design principles across the platform
・Support the operationalization of data security and data governance standards, including classification, access control, encryption, retention, and tenant isolation

MINIMUM QUALIFICATIONS
  • 7+ years of experience in information security, platform security, or security engineering, including leadership roles
  • Experience leading enterprise security questionnaires, security reviews and audits, and follow-up evidence packages end to end (e.g. SOC2, GDPR, APPI, ISO27001), and experience working closely with executives, customers, auditors, and regulators
  • 3+ years in cloud-native security architectures (AWS preferred), including IAM, network security, encryption, and monitoring
  • Experience securing multi-tenant SaaS platforms, with an emphasis on data protection and tenant isolation
  • Hands-on experience with DevSecOps, application security testing, CI/CD security, and secure software delivery practices

NICE TO HAVES
  • Prior experience working within a CISO office or similar environment
  • Experience supporting financial services, HR tech or similarly highly regulated industries
  • Successfully navigating regional privacy regulations such as APPI, GDPR, and CCPA in a market product
  • Experience scaling security programs in high-growth or product-led organizations
  • Familiarity with multi-tenant data architecture for SaaS built with domain-driven design and microservices architecture in mind
  • Experience with fine-grained access control, encryption, PII handling and retention, and tenant isolation
  • Experience with multi-region exposure
  • Japanese language proficiency is a plus but not required

=========================================================================

Important Points
・All interviews will be arranged via Google Meet, unless otherwise stated.
・The same job descriptions are available in both English and Japanese; therefore, we kindly ask that you apply to only one version.
・We kindly request that you submit your resume in English, if possible. However, Japanese resumes are also acceptable. Please note that, depending on the English proficiency requirements of the role, we may request an English version of your resume later in the process.

WHAT WE OFFER
・Competitive Salary - Based on experience
・Work Hours - Flexible working time
・Paid Holiday - 20 days per year (prorated)
・Sick Leave - 6 days per year (prorated)
・Holiday - Sat & Sun, Japanese National Holidays, and other days defined by our company
・Japanese Social Insurance - Health Insurance, Pension, Workers’ Comp, and Unemployment Insurance, Long-term care insurance
・Housing Allowance
・Retirement Benefits
・Rental Cars Support
・In-house Training Program (software study/language study)

Our Commitment
・We are an equal opportunity employer and value diversity.
・Any information we receive from you will be used only in the hiring and onboarding process. Please see our privacy notice for more details.

Woven by Toyota is at the forefront of transforming traditional automotive approaches into a comprehensive mobility experience. Focused on human-centric innovation, we develop cutting-edge mobility solutions across four key pillars: advanced driver assistance, cloud and AI technologies, and a futuristic city project, Woven City, all designed to enhance the safety and satisfaction of drivers globally.
