TableCheck

Security & Compliance Engineer

TableCheck · Tokyo, Tokyo, Japan

Software Development · 201-500 employees

6 h ago
Remote Mid (2-5 yrs) Full-time Japan
Log in to apply, save this posting, or score it against your profile with AI.

About the role

Lead the implementation and maintenance of security compliance programs including SOC 2, ISO 27001, and PCI DSS using the Drata platform. Coordinate with engineering and legal teams to manage risk assessments, external audits, and data protection regulations.

What they look for

SOC 2 Type II ISO 27001 PCI DSS Drata NIST CSF MITRE ATT&CK Risk Assessment AWS Security GDPR APPI Internal Auditing Vendor Security Review Incident Response Planning Compliance Automation Governance Risk and Compliance Technical Writing

Requirements

Requires over 3 years of experience in security compliance and risk governance with a proven track record of achieving major certifications. Candidates should be familiar with AWS security services and possess strong communication skills to translate technical risks for stakeholders.

Full description

TableCheck, Japan's leading restaurant reservation management platform, is seeking a Security & Compliance Engineer. As a member of our Site Security squad as part of the Site Reliability Engineering team, you will lead our security posture, compliance programs, and risk governance — ensuring TableCheck meets the highest standards of data protection and regulatory compliance.

We run a robust and fault-tolerant infrastructure built on Amazon Web Services (AWS). TableCheck has embraced remote work, and as such, communication and documentation are in our blood. We look for and write about signals in the noise which enables us to constantly learn from mistakes and adapt, and we expect members of our teams to constantly follow up with questions and updates to keep everyone in the loop.

Key Responsibilities:

  • Own and lead end-to-end implementation, maintenance, and renewal of SOC 2 Type II, ISO 27001, PCI DSS, and related compliance programs through our compliance platform (Drata).
  • Develop, maintain, and enforce security policies, procedures, and documentation aligned with industry frameworks (NIST CSF, ISO 27001 Annex A, MITRE ATT&CK).
  • Conduct regular risk assessments, internal audits, and control effectiveness reviews; identify gaps and drive remediation through coordination with engineering and operations teams.
  • Manage third-party risk assessments and vendor security reviews, including security questionnaires and due diligence.
  • Serve as the primary point of contact for external audits and certification bodies — preparing evidence, coordinating interviews, and managing the audit lifecycle.
  • Partner with legal, privacy, and engineering teams on data protection matters, including privacy impact assessments and incident response planning.
  • Monitor regulatory changes in Japan and other operating markets (e.g., APPI, GDPR) and advise the business on compliance obligations.
  • Build and maintain relationships with engineering teams to embed security and compliance requirements into development workflows — working collaboratively rather than as a bottleneck.

Required Skills:

  • 3+ years in security compliance, risk, or governance roles with proven experience achieving and maintaining SOC 2 Type II and/or ISO 27001 certification (full lifecycle — from gap analysis through audit).
  • Hands-on experience with compliance automation platforms, ideally Drata.
  • Deep understanding of security frameworks and standards: SOC 2 Trust Services Criteria, ISO 27001/27002, NIST CSF, and data privacy regulations (APPI, GDPR a plus).
  • Strong written and verbal communication skills — you can translate technical security requirements into clear policies and explain business risk to non-technical stakeholders.
  • Experience coordinating with external auditors and managing the audit process end-to-end.
  • Ability to collaborate with engineering teams to remediate findings and implement controls without deep hands-on coding.
  • Familiarity with AWS security services (IAM, GuardDuty, Config) at an operational level — enough to understand cloud security controls and ask the right questions of engineering teams.

Preferred Qualifications:

  • Japanese language proficiency (business level or higher) — this is a significant plus given our Japan-first operations.
  • Experience in the SaaS / technology industry.
  • Familiarity with cloud-native security concepts (containers, Kubernetes, serverless) at an architectural level — sufficient to understand and audit engineering security practices without implementing them.
  • Background in law, regulatory compliance, or information governance (e.g., JD, CIPP, CISM, CISSP).
  • Ability to thrive in a small, agile team with minimal supervision and a high degree of autonomy.