Perform risk management and IT governance, system and data classification, business impact analysis, risk assessments, IT security audits, continuity planning, and disaster recovery
Conduct assessment and development of information security policies, standards, and procedures that ensure compliance with applicable laws and regulations
Ensure security awareness in the company
Ensure controls and compliance over global customer information, financial data, and transactions
Present and communicate the security-related program to all parties in the company
Requirements:
Minimum Bachelor's Degree in Computer Science, Information Systems, or other related disciplines, with a minimum of 1-2 years of proven experience in an Information Security Governance, Risk, and Compliance or similar role
Have a good understanding of threat, vulnerability, impact, and risk, and their implementation in business processes.
Possess knowledge of as many as possible of the following laws, regulations, frameworks, and/or industry standards: COBIT, ISO/IEC 27000-series, PCI/DSS, NIST SP 800-53/30, GDPR, PDPA, PP71, UU ITE, etc.
Passion and hands-on experience in identifying or exploiting vulnerabilities, including using or developing security tools, is a strong plus.
Knowledge of Windows/Linux/macOS environments, cloud platforms, networking, and security controls, as well as familiarity with DevSecOps practices, will also be highly valued.
Ability to act independently and exercise good judgment, as well as the ability to work across departments
Ability to prioritize and multitask.
Strong written and verbal communication skills
Strong interpersonal skills
Strong problem-solving and negotiation skills.
Calmness and clarity of thought under pressure and ability to maintain confidentiality.
Accept responsibility and personal accountability.
Ability to stay updated with current information security trends.