Head of IT Security

Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program.

Work directly with the business units to facilitate risk assessment and risk management processes.

Develop and enhance an information security management framework.

Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services.

Provide leadership to the enterprise's information security organization.

Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems.

Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities.

Maintain a current understanding the IT threat landscape for the industry.

Translate that knowledge to identification of risks and actionable plans to protect the business and schedule periodic security audits.

Make sure that cyber security policies and procedures are communicated to all personnel and that compliance is enforced.

Constantly update the cyber security strategy to leverage new technology and threat information.

Brief the executive team on status and risks, including taking the role of champion for the overall strategy and necessary budget. 

Encourage employees in Tech and Non-tech to understand security best practices and risk to build secure platforms such as software, infrastructure and processes.

Bachelor or Master’s degree in Computer Engineering, Computer Science, Cyber Security or related fields.

8-10 years of work experience in Information Technology Security related and at least 2 year experiences in team management.

Hands-on experience in writing company-wide security policies and controls.

Able to manage and work across with stakeholders both in the external and internal department.

Knowledge of common information security management frameworks, such as ISO/IEC 27001/27002, COBIT and/or NIST.

Knowledge about global Data Protection Regulations and the Personal Data Protection Act.

Knowledge of E2E security design including network, platform and application.

Experience in Agile software development practices in combination with CI/CD. 

Experience in system and applications security management and control.

Experience with security technologies e.g. Intrusion Detection System (IDS) monitoring, Incident Response, and Disaster Recovery Planning.

Experience in facilitating information security risk assessments.

Experience with Cloud computing and Cloud security practice. 

Professional certificates related to work (e.g. CISSP, CISM, ISO 27001, PCI DSS or similar general security certification) is very desirable.

Proficient written and verbal communication skill in Thai and English.