Senior Security and Privacy Analyst, Bilingual Japanese and English Location:Cebu, Philippines Department:Privacy, Security & Risk About AvePoint AvePoint is the global leader in data protection, unifying data security, governance, and resilience to provide a trusted foundation for AI. More than 28,000 customers rely on the AvePoint Confidence Platform to secure, govern, and rapidly recover data across Microsoft, Google, Salesforce, and other cloud environments. With a single platform for lifecycle control, multicloud governance, and rapid recovery paired with clear ownership across the business, we prevent overexposure and sprawl, modernize legacy and fragmented data, and minimize data loss and interruption. Our global partner ecosystem includes approximately 6,000 MSPs, VARs, and SIs, and our solutions are available in over 100 cloud marketplaces. To learn more, visit www.avepoint.com. About the role We are looking for a Senior Security and Privacy Analyst to serve as the APAC regional lead for AvePoint's Privacy, Security & Risk (PSR) program. You will help implement and drive initiatives, programs, and projects to raise our game in Information Security, Privacy, and Risk Management across the Asia-Pacific region. You are pragmatic, operational, and practical in your understanding of risk and security, but also have a business-minded approach. You will help us "say what we do, do what we say, and prove it." This role is critical to supporting AvePoint's expanding APAC compliance footprint—including ISMAP (Japan), IRAP (Australia), and regional privacy regulations—while partnering closely with our global PSR team. Key Responsibilities - Regional Compliance & Certification: Lead and operationalize APAC-specific certification and audit activities, with primary focus on Japan's ISMAP (Information system Security Management and Assessment Program) and Australia's IRAP (Infosec Registered Assessors Program), including evidence gathering, control mapping, and coordination with external assessors. - Privacy & Data Protection: Support compliance with APAC data protection laws and regulations, including Japan's APPI, Australia's Privacy Act, and other regional requirements such as South Korea's PIPA, in alignment with AvePoint's global privacy standards. - Security Operations: Contribute hands-on to the day-to-day operations of the information security and privacy program, including monitoring and responding to security incidents across the APAC region. - Audit & Risk Management: Operationalize activities around certifications, audits, and risk management initiatives. Support internal and external audit readiness, including SOC 2 Type II, ISO 27001, ISO 27701, and APAC-specific frameworks. - Sales Enablement & Customer Trust: Partner with the APAC sales organization on PSR matters—respond to customer security questionnaires, RFPs, and due diligence requests, balancing deal velocity with AvePoint's PSR requirements. Serve as a regional representative and advocate of AvePoint's expertise in data security. - Documentation & Communication: Update and maintain security and privacy documentation to keep current with frequent regulatory and programmatic changes in the APAC region. Create effective technical communications in both Japanese and English across a variety of media. - Security Champions Program: Collaborate with regional Security Champions (e.g., in Japan, Singapore, China, and ANZ) to enhance security awareness, promote best practices, and drive localized security initiatives. - Cross-Functional Collaboration: Actively participate in cross-functional teams representing the PSR function. Collaborate with the CISO/CPO and senior leadership to develop and execute strategic plans for APAC security and privacy initiatives. - Vendor & Third-Party Risk: Support vendor risk assessments and third-party security evaluations for APAC-based partners and subprocessors, ensuring compliance with AvePoint's data protection and information security standards. - Continuous Improvement: Continuously improve internal PSR deliverables and content in response to feedback from APAC customers, colleagues, and evolving regulatory landscapes. Required Qualifications - Education: Bachelor's degree in Information Security, Computer Science, Engineering, Law, or a related field. A master's degree is preferred. - Experience: Approximately 5–8 years of experience in information security, privacy, compliance, or risk management, with at least 2 years of experience supporting APAC-region compliance programs. - Language: Fluent in Japanese and English (spoken and written) — this is a hard requirement. The role requires the ability to translate technical security and privacy concepts between both languages, interact with Japanese government-adjacent auditing bodies, and produce professional documentation in both languages. - Writing Skills: Strong background in writing with excellent editing and proofreading skills in both English and Japanese. - Technical Knowledge: Solid understanding of networking, cloud infrastructure, and information security principles. Familiarity with security frameworks such as ISO 27001, ISO 27002, SOC 2, and NIST SP 800-53. - Regulatory Knowledge: Working knowledge of APAC privacy and data protection regulations (e.g., Japan APPI, Australia Privacy Act, PDPA). Preferred Qualifications - ISMAP Expertise: Familiarity with Japan's ISMAP framework, including ISMAP management standards, the audit process, and cloud service registration requirements. Experience supporting ISMAP audits or readiness assessments is highly valued. - IRAP Expertise: Familiarity with Australia's IRAP framework, including the ISM (Information Security Manual), PSPF, and the four-stage IRAP assessment process (Plan & Prepare → Define Scope → Assess Controls → Report Findings). - Additional Languages: Proficiency in Chinese (Mandarin) and/or Vietnamese is a significant plus. - Certifications: Relevant certifications such as CIPP/A, CISSP, CISM, CISA, or ISO 27001 Lead Auditor are highly desirable. - Industry Experience: Experience in a SaaS, cloud software, or technology company in the security, privacy, or compliance field. - Sales Enablement: Experience supporting sales teams with security questionnaires, RFPs, and customer-facing trust narratives. What We Offer - The opportunity to be the APAC voice of one of the most forward-thinking PSR programs in the data management industry - Direct collaboration with AvePoint's global Security Team, including the CISO/CPO and senior leadership - A dynamic, global team culture that values agility, passion, and teamwork - Professional development support, including certification sponsorship - Competitive compensation and benefits aligned with APAC market standards What’s in it for you? - HMO coverage from day 1 of employment (plus 2 free dependents) - Group life insurance (upon regularization) - Wellness Reimbursement Program (upon regularization) - Paid annual and sick leaves (convertible into cash) - Paid compassionate leave (5 days) - Employee Dedication Award (years of service) - Employee Referral Bonus Program - Promoting diversity and inclusion - Business Travel Opportunity (Top Performers) - Hybrid Working Arrangement (3 days onsite & 2 days' work-from-home) - Competitive compensation package, Performance bonuses/incentives - Career growth & advancement opportunities *Terms and conditions apply AvePoint is proud to employ talent from many different backgrounds, experiences, and identities. We believe that diversity and inclusion drives our success and is at the core of how we hire, communicate, and collaborate to deliver value and excellence. We are committed to fostering an environment where people can bring their whole selves to work and feel a sense of belonging, and we continue to work toward creating a workforce that represents the diversity of our customers and communities. Any personal data you share with us during the application process will be processed strictly in compliance with applicable data protection laws and our Privacy Notice.

Role Description The Security Analyst is responsible for specific aspects of the security program including: - Regulatory reporting - Metrics/KPIs - Training and awareness - Security process integration - Risk management for our clients Key responsibilities include: - Protecting computer assets by establishing and enforcing system access controls; maintaining disaster preparedness. - Documenting, maintaining, and analyzing compliance with IT controls, standard procedures, and policies. - Demonstrating excellent customer service skills, building credibility and rapport with client technical teams. - Assisting in periodic information risk assessments and audits to ensure that information systems are adequately protected to meet security objectives. - Assisting in collecting security-related evidence for external audits. - Providing technical expertise during IT security incident response. - Supporting IT security inquiries from customers. - Assisting in the review of vendor IT security programs and controls. - Tracking and maintaining action plans for the resolution of issues identified during assessments and audits. - Ensuring authorized access by investigating improper access; revoking access; reporting violations; monitoring information requests by new programming; recommending improvements. - Establishing physical security by developing standards, policies, and procedures. - Advising on risk levels and security posture through a risk management framework. - Identifying business processes requiring information security integration. - Supporting the design and execution of security exercises. - Applying an analytical mindset to make sound recommendations on Operational Risk issues. - Demonstrating technical knowledge of IT security theory, technologies, policies, and practices. - Effectively negotiating or mediating issues. - Exhibiting strong written communication and documentation, and analytical reporting skills. - Having working knowledge of GRC platforms. - Possessing experience with information protection, security, risk, and compliance-related matters. - Having IT audit experience in gathering artifacts. - Utilizing persuasive communication skills necessary to collect essential information & answer questions. - Exhibiting planning and organizational skills necessary to coordinate workload around complex, multiple assignments. - Proven ability in information security principles, latest industry awareness, and current knowledge. - Knowledge of NIST (800-53, CSF) and other information security frameworks. - Knowledge of information security processes and tools. - Able to manage multiple priorities and work well under pressure. - Knowledge of data privacy regulations is a plus. Qualifications - 3+ years of experience in IT audit, information security, or information risk management with customer-facing responsibilities within the defense industry. - Policy, risk, and framework experience. - General knowledge of IT audit and assessment concepts and practices. - Proven ability in information security principles, latest industry awareness, and current knowledge. - Documentation uplift and creation. - Experience with metrics and reporting. - Comfortable and experienced with presenting. - Financial industry experience is preferred. Requirements - Salary commensurate with years of experience, technical expertise, and geographic location. - Salary range: $95,000 to $130,000. - Performance bonuses. Benefits - 100% paid medical, dental, and vision for the employee. - 401(k) with employer match. - Strong company culture. - Flexible PTO policy. - Flexible working arrangements. - Annual company overnight retreat. Company Description EVOTEK believes that everyone has the ability to make an impact, and we are proud to be an equal opportunity employer committed to providing employment opportunity regardless of sex, race, creed, color, gender, religion, marital status, domestic partner status, age, national origin or ancestry, physical or mental disability, medical condition, sexual orientation, pregnancy, military or veteran status, citizenship status, and genetic information.

• Operate and evolve the Vulnerability Management process, being responsible for identifying, analyzing, prioritizing, tracking and validating the remediation of vulnerabilities in IT, OT (Operational Technology) and Cloud environments. • Execute and monitor vulnerability scans on infrastructure assets, operating systems, applications, APIs, cloud environments and industrial assets. • Analyze results from Vulnerability Management tools, identifying vulnerabilities, validating false positives and supporting the definition of remediation strategies. • Classify and prioritize vulnerabilities based on risk criteria, asset criticality, business impact and exploitation potential. • Plan, coordinate and follow up on remediation actions with responsible teams, ensuring improvements in security indicators and adherence to established deadlines. • Perform technical re-validations to demonstrate the effectiveness of implemented fixes. • Support hardening initiatives, risk management and continuous improvement of the organization’s security posture. • Continuously monitor new vulnerabilities, emerging threats and risks that may impact the corporate environment. • Prepare technical reports, dashboards and executive metrics to monitor the maturity of the Vulnerability Management process. • Participate in alignment meetings with infrastructure, cloud, security, development teams and business stakeholders. • Contribute to the advancement of processes, automations and integrations related to Vulnerability Management.

• Monitor and respond to security alerts across Rubrik’s corporate network, endpoints, cloud, and SaaS environments. • Rapidly detect and accurately identify signs of intrusions and other malicious activity. • Manage the end-to-end incident response lifecycle, encompassing triage, deep-dive investigations, and remediation to ensure accurate identification of root causes and organizational impact. • Partner with vulnerability management, FedRAMP, and engineering teams to assess threats, prioritize vulnerabilities, and drive timely remediation efforts. • Collaborate with cross functional teams to drive resolution of events. • Contribute to overall program maturity through providing feedback and ideas to refine and improve detection capabilities and response processes. • Update and maintain accurate incident case attributes and investigation details.