My First Day

Today was my first day in a new job - what will hopefully be my last working for someone else.

The role and work I've been given is much more like what I'm familiar with - security compliance. The first project I've been given is to help a client - a subsidiary of a well-known Japanese car manufacturer - achieve compliance with Japan's Financial Instruments and Exchange Law, which is Japan's equivalent of the US Sarbanes-Oxley Act (SOX).

The Sarbanes-Oxley Act was brought in after the well-publicised financial reporting scandals involving the likes of Enron and WorldCom. The aim of the Act being to strengthen requirements regarding corporate governance and internal control. Amongst other things this means that companies listed on the US stock exchange must be able to demonstrate strong internal controls that can prevent and detect fraud. The Japanese equivalent, nicknamed J-SOX, was also established after scandals involving listed companies in Japan and has similar requirements.

My job is to help the client address the high-priority security weaknesses that have been identified and establish controls for these before March 2008 - when J-SOX comes into effect. What this means in practice is that I'll be carrying out interviews with different areas of their business to understand exactly what security controls are in place now and provide recommendations on additional controls. My company is then hoping that the client will ask me to help them with implementation - which will mean writing security policies and procedures, giving them guidance on securing their IT systems, as well as helping them implement new security systems where required such as Intrusion Prevention technology - the aim being to try and cross-sell as many of our companies' services and solutions as possible.

It's not the most exciting job in the world but it pays the bills.