About Woven by Toyota

Woven by Toyota is enabling Toyota’s once-in-a-century transformation into a mobility company. Inspired by a legacy of innovating for the benefit of others, our mission is to challenge the current state of mobility through human-centric innovation — expanding what “mobility” means and how it serves society.

Our work centers on four pillars: AD/ADAS, our autonomous driving and advanced driver assist technologies; Arene, our software development platform for software-defined vehicles; Woven City, a test course for mobility; and Cloud & AI, the digital infrastructure powering our collaborative foundation. Business-critical functions empower these teams to execute, and together, we’re working toward one bold goal: a world with zero accidents and enhanced well-being for all.

=========================================================================

TEAM

Toyota is redefining what it means to move. We're challenging the current state of mobility by enhancing the movement of people, goods, information and energy. Centered around three core concepts - A Living Laboratory™, Human-Centered, and Ever Evolving City™ - Woven City serves as a test course for mobility to fulfill our purpose of well-being for all.

We do this by bringing together a diverse community of people with a shared passion for the future of mobility to co-create, develop and refine innovative products and services. This cross-section of social infrastructure, mobility, and people provides a unique opportunity for inventors, residents and visitors to interact seamlessly with new technologies throughout daily life in an environment that emulates a real city.

The security team within Woven City focuses on supporting products developed both internally and by inventors. We address complex security challenges for all Woven City systems, platforms and products. Our goal is to enable developers to innovate quickly, without compromising security.

For more information about Woven City, please visit: https://www.woven-city.global/

WHO ARE WE LOOKING FOR?

We are looking for a senior individual contributor to lead security program coordination for Woven City, focusing primarily on an emerging cross‑environment infrastructure platform while supporting broader security initiatives as needed. This position is critical for providing project and program coordination between Woven City Security Teams and an emerging multi‑environment infrastructure platform.

The successful candidate will be responsible for defining and maturing the security program lifecycle across multiple technical workstreams involved in providing infrastructure portability. The objective of this program is to establish the security programs that support the City’s Infrastructure platforms, enabling products that have undergone proof‑of‑concept testing to seamlessly expand beyond their initial deployment environment. This requires establishing robust security governance and operational management across a new platform scope.

You will work with diverse internal security stakeholders, including the SOC, Infrastructure Security, Risk and Governance teams, managing complex cross-program risks and ensuring streamlined security processes for products transitioning toward broader commercial deployment. A high level of ownership and accountability is essential.

RESPONSIBILITIES

Proven ability to credibly coordinate between highly technical security teams (SOC, Infrastructure Security, Product Security) and Mobility product teams/business stakeholders to define security roadmaps and track deliverables for large infrastructure programs
Develop and maintain onboarding processes, policies, and the overall program lifecycle for security deliverables required for the target infrastructure platform
Develop and support the security framework to meet global regulatory requirements for the platform and its critical services, including risk management, data enablement, export regulatory compliance and vendor security
Facilitate coordination across security teams (e.g., Infrastructure Security, Product Security) to ensure necessary security engineering, hardening, threat modeling, and support for security change management are completed for the platform
Proactively identify and address critical security and operational gaps within the infrastructure. Establish clear roles, responsibilities, and processes for security monitoring (SOC), vulnerability management, and event/incident response, ensuring robust coverage across the expanded platform scope.
Drive alignment on new security policies for external-facing services, and advise on adapting existing Woven City policies to meet new external‑facing platform requirements
Collaborate closely with Governance Security teams to establish essential frameworks (e.g., Shared Responsibility Model, risk appetite definitions) for platforms serving external customers. Ensure adherence to required Toyota guidelines.

MINIMUM QUALIFICATIONS

10+ years of cybersecurity engineer/TPM lead experience
TOEIC 900+ or Business level Japanese language proficiency (N1)
Demonstrated capability in designing, launching, and iteratively improving security programs, frameworks, or policies at scale
Proven experience in managing security risks in a complex environment
Deep understanding of global and local regulatory requirements, including hands-on experience operationalizing security frameworks (e.g., ISO27017, ISO27001/27002, NIST CSF) within product, infrastructure, or city-scale platforms
Experience with operationalizing security requirements from regulatory frameworks such as GDPR, FEFTA, PDPA, etc.
Experience tailoring technical and strategic communications for leadership, technical, and non-technical audiences; demonstrated ability to mediate and resolve ambiguity
Strong business acumen with the ability to maintain a business-focused perspective while managing security risks
Proven track record of influencing cross-functional teams, senior leaders, and external partners, especially in hybrid Japanese/international environments

NICE TO HAVES

Experience navigating bilingual work environments and documentation
Relevant certification(s) such as CISSP, CISM, CISA, PMP, CCSP, CIPT
Experience leading programs spanning innovative domains, such as smart cities, mobility, IoT, OT/IT convergence, energy or multi-layered infrastructure platforms
Experience applying risk frameworks to emerging platforms (AI, ML) and large scale data solutions
Understanding of the security export and overseas regulatory requirements
Experience designing and scaling security and compliance processes to meet both external customer and regulatory expectations
Experience implementing KPIs or continuous improvement cycles for security postures and incident response

=========================================================================

Important Points

・All interviews will be arranged via Google Meet, unless otherwise stated.

・The same job descriptions are available in both English and Japanese; therefore, we kindly ask that you apply to only one version.

・We kindly request that you submit your resume in English, if possible. However, Japanese resumes are also acceptable. Please note that, depending on the English proficiency requirements of the role, we may request an English version of your resume later in the process.

WHAT WE OFFER

・Competitive Salary - Based on experience

・Work Hours - Flexible working time

・Paid Holiday - 20 days per year (prorated)

・Sick Leave - 6 days per year (prorated)

・Holiday - Sat & Sun, Japanese National Holidays, and other days defined by our company

・Japanese Social Insurance - Health Insurance, Pension, Workers’ Comp, and Unemployment Insurance, Long-term care insurance

・Housing Allowance

・Retirement Benefits

・Rental Cars Support

・In-house Training Program (software study/language study)

Our Commitment

・We are an equal opportunity employer and value diversity.

・Any information we receive from you will be used only in the hiring and onboarding process. Please see our privacy notice for more details.

CRB

Woven City Technical Program Manager (TPM)