Head of IT Security

What you’ll Do:

• Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program.

• Work directly with the business units to facilitate risk assessment and risk management processes.

• Develop and enhance an information security management framework.

• Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services.

• Provide leadership to the enterprise's information security organization.

• Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems.

• Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities.

• Maintain a current understanding the IT threat landscape for the industry.

• Translate that knowledge to identification of risks and actionable plans to protect the business and schedule periodic security audits.

• Make sure that cyber security policies and procedures are communicated to all personnel and that compliance is enforced.

• Constantly update the cyber security strategy to leverage new technology and threat information.

• Brief the executive team on status and risks, including taking the role of champion for the overall strategy and necessary budget.

• Encourage employees in Tech and Non-tech to understand security best practices and risk to build secure platforms such as software, infrastructure and processes.

What you’ll Need:

• Bachelor or Master’s degree in Computer Engineering, Computer Science, Cyber Security or related fields.

• 8-10 years of work experience in Information Technology Security related and at least 2 year experiences in team management.

• Hands-on experience in writing company-wide security policies and controls.

• Able to manage and work across with stakeholders both in the external and internal department.

• Knowledge of common information security management frameworks, such as ISO/IEC 27001/27002, COBIT and/or NIST.

• Knowledge about global Data Protection Regulations and the Personal Data Protection Act.

• Knowledge of E2E security design including network, platform and application.

• Experience in Agile software development practices in combination with CI/CD.

• Experience in system and applications security management and control.

• Experience with security technologies e.g. Intrusion Detection System (IDS) monitoring, Incident Response, and Disaster Recovery Planning.

• Experience in facilitating information security risk assessments.

• Experience with Cloud computing and Cloud security practice.

• Professional certificates related to work (e.g. CISSP, CISM, ISO 27001, PCI DSS or similar general security certification) is very desirable.

• Proficient written and verbal communication skill in Thai and English.