128 Cyber Risk Management jobs in Thailand

Chief Risk Officer (CRO) - (Equivalent to Dept Manager Level)

The CRO will head the newly established Risk Management Department (RMD) for Kingfisher Holdings Limited and its subsidiaries (the Group). He or she  will be responsible for identifying, assessing, and mitigating potential risks that could impact the Group's financial health, security, safety, operations, and reputation and will develop and implement risk management strategies, policies, and procedures to minimize potential losses and ensure compliance with relevant regulations.

Reporting to: Chairman of the Group Risk Management Committee(RMC)

Working Location : Samutsakorn Factory, Nadee, Samutsakorn Province

Risk Assessment Job Responsibilities:

· Staff

Actively assist RMC and the Group Human Resources Department in the identification, assessment and recruitment of potential new staff for the RMD, from both outside and inside the Group

· Risk Identification and Assessment:

Identify potential risks across various areas like financial, operational, and compliance, and assessing their potential impact.

· Risk Analysis and Prioritization:

Conduct risk analysis to evaluate the likelihood and potential severity of identified risks and prioritizing them based on their potential impact.

· Policy Development and Implementation

Review and recommend necessary changes to existing Group  risk management policies and procedures and, where needed, create RMD policies and procedures, ensuring they are appropriate, up to date and aligned with Group goals and regulatory requirements. Recommend risk appetite levels for approval by RMC.

· Risk Mitigation:

Develop and implement strategies to reduce or eliminate identified risks. This includes creating contingency plans, establishing controls, and working with other departments to address potential

· Monitoring and Review:

Track the effectiveness of risk management strategies and processes, monitoring key risk indicators and reporting on risk levels

Continuously monitor the effectiveness of implemented risk management strategies and making adjustments as needed.

· Reporting and Communication:

Communicate risk assessments, mitigation plans and monitoring results to RMC.

· Ensuring Compliance:

Ensuring that the Group complies with relevant laws, regulations and industry standards related to risk management.

· Training and Awareness:

Educate employees about risk management best practices and promoting a culture of risk awareness throughout the Group, including by facilitating workshops and training.

· Developing Contingency Plans:

Create contingency plans to manage crises and ensure business continuity in the event of a risk event.

· Collaboration:

Work with different departments to ensure a holistic approach to risk management and integrating risk considerations into decision – making process.

Skills and Qualifications:

· Bachelor Degree or higher in a relevant study, such as Business, Legal, Finance, Accounting, Risk Management, Engineering, Occupational Health and Safety or Business Administration and related fields.

· to 10 years of working experience in Risk Management, Risk Assessment, Safety Management, Financial Management or other related areas.

· Possess a risk awareness mindset and logical thinking abilities, quick leaner, adaptability, and proactive approach to problem solving

· Effective communication , presentation and negotiation skills

· Capability to build and sustain relationships

· Expertise in conducting investigations and addressing challenges

· Accountability and openness to feedback and new ideas.

· Good English communication skill.

Information Security will partner with Axons' IT team to manage and support all-level stakeholders, ensure policies, processes, practices, and technologies are successfully implemented and maintain. Oversight performance measurement, and course correction of all information security activities. This role includes awareness activities, analytics and support internal investigation function. Overall team should ensure information security compliance align between external and internal requirements, mitigating risk commensurate with the organization's risk tolerance.

Responsibilities:

• Plan, execute, and maintain information security risk program
• Allocate adequately trained/skilled resources to implement the information security risk program and plan
• Measure and monitor cost, schedule, and performance of the program
• Establish and execute information security risk management process
• Implement, and enforce information security policies
• Ensure that controls are adequate to meet legal, regulatory, policy, standards, and security requirements through controls review exercises
• Manage relationship and interface with external parties, e.g., regulator, HR, legal, compliance, risk management, suppliers.
• Plan, develop and conduct information security awareness activities, including an enterprise-wide role-based information security awareness and training program
• Manage the employment lifecycle, including performance, knowledge, skills, capabilities, and availability of the information security risk team.
• Perform analytics in the support for enterprise risk management activities
• Perform forensic analytics in the support for hazardous risk response, including internal investigation

Qualifications:

• Minimum 6 years of experience in fields relating to of risk management, IT audit, analytics, information security and technology, and/or information technology management with large enterprise or consulting firm
• Background in IT Audit/ IT Assurance and/or developer will be advantage
• Experience with project/program management for large and multi-national enterprise
• Experience with policy development and implementation is a plus.
• Experience with awareness training and/or people coaching is a plus.
• Experience with data analytics is a plus.

Skills & Knowledge:

• Knowledge of common information security management frameworks, such as ISO/IEC 27001, ISO/IEC 2000, CIS, and NIST.
• Knowledge of regulation and standards compliance for information security domain
• Knowledge of analytics technology
• Excellent written and verbal communication skills and high level of personal integrity
• Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams plus financial and planning skills
• Project management or Relevant professional certification is a plus.

Benefits:

• Work From Anywhere
• Fixed Bonus
• Healthcare Allowance for employee and family member
• Flexible Working Hours
• Work From Anywhere Allowance
• Special Interest rate for home loan

Location: Bangkok (Hybrid Working)

About the Company

Cathcart Technology is assisting a leading technology-driven organization to find an experienced Information Security Specialist. This role will play a critical part in strengthening the security of a financial platform in cloud environments. You'll be working closely with teams, regulators, and external vendors to ensure compliance with regulations, while applying best-practice security standards

Responsibilities

• Design and implement cybersecurity policies and frameworks such as ISO/IEC 27001 & NIST
• Conduct risk and vulnerability assessments, and recommend strategies to mitigate threats
• Develop cybersecurity strategies to ensure protection of internal technology operations
• Collaborate with internal risk owners to develop risk assessment process
• Lead in preparing cybersecurity risk/incidents, and reporting to executive management & regulators.

Qualifications

• Bachelor's Degree in IT, Computer Science, Engineering, or related field
• At least 3 years of experience working in the IT/Information Security field
• Strong knowledge of IT Security standards & best practices (ISO/IEC 27001, NIST, COBIT, PCI DSS, ITIL).
• Skills in cybersecurity assessments and controls
• Experience in a highly regulated industries (Financial) would be advantageous

If you're looking to take a next step in your Cybersecurity Career, we'd love to hear from you.

Please feel free to contact Cathcart Technology at for more details.

Responsibilities :

·    Ensuring information security compliance with external and internal requirements and mitigating risk commensurate with the organization's risk tolerance.

·    Provide/Develop awareness activities including analytics and support to internal function.

·    Develop and report monthly and metrics to management on regularly basis for Information Security Risk.

·    Ensures and support that the organization's leadership, staff, policies, processes, practices, and technologies provide ongoing maturity measurement related cybersecurity and all information security activities.

Qualifications :

·    Bachelor's degree in computer engineering, Computer Science, Information Security or IT related field.

· years of experience in cybersecurity, information security or risk management or related field.

·    Experience with GRC or Information security tools, data analytic and some programming skill, etc.

·    Knowledge of common information security management frameworks, such as ISO/IEC 27001, ISO 27799.

Location :Samitivej Srinakarin Hospital or Bangkok Hospital

Job Purpose:

Responsible for monitoring and analyzing security events, identifying potential threats, and implementing solutions to prevent security breaches. The SOC Analyst will work closely with other IT professionals to ensure the safety and integrity of our organization's data.

Location : Avani Charoen Nakhon (Thonburi) with shuttle van service from BTS Krungthon

Key Responsibilities:

• Continuously monitor security alerts and events from various sources including firewalls, intrusion detection , threat protection systems, and security information and event management (SIEM) systems.
• Investigate security incidents, identify root causes, and recommend corrective actions to mitigate threats.
• Actively participate in the incident response process, including incident detection, analysis, containment, eradication, and recovery.
• Conduct routine security vulnerability assessment scan and provide remediation or mitigation suggestions for the discovered vulnerabilities.
• Stay updated on the latest cybersecurity threats and trends, and utilize threat intelligence to enhance the organization's security posture.
• Maintain accurate and detailed records of security incidents, response actions, and follow-up activities.
• Work with other IT and security teams to develop and implement security policies, procedures, and best practices.
• Generate reports on security incidents, trends, and overall security posture for management and stakeholders.
• Safeguards information system assets by identifying and solving potential & actual risks.
• Recognizes problems by identifying abnormalities, investigating forensics, detect violations and conducting periodic audits.
• Implements security improvements by assessing current situation, evaluating trends & anticipating requirements.
• Maintains quality service by following industrial standards.

Job Specification:

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• 2+ years of experience in a SOC Analyst or similar role.
• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or CompTIA Security+ are preferred.
• Proficiency in using security tools and technologies such as SIEM, EDR software and VA scan tools.
• Strong analytical and problem-solving skills with the ability to think critically and act decisively under pressure.
• Strong knowledge of information security best practices and standards.
• Good understanding and appreciation of technology development life cycles.
• Ability to work effectively in a team-oriented environment and collaborate with colleagues from diverse backgrounds.
• High attention to detail and accuracy in monitoring, detection, and documentation of security events.
• Self-motivated, proactive, and self-initiative.
• Excellent verbal and written communication skills with the ability to convey complex technical information to non-technical stakeholders.
• Good command of English.

Job Title
:
INFORMATION SECURITY OFFICER

Position type
: Full time

Place of work
: Bangkok, Silom

Salary
: Negotiable

Working conditions
: Normal working hours

Department/Function
: Information Security & Risks

Reporting to Title
: Head of Information Security & Risk

The company and the mission:

BRED IT (Thailand) a wholly owned subsidiary of the French bank BRED Banque Populaire based out of Paris (BPCE Group).

BRED IT was established in 2008 with the objective to become the IT hub for BRED Group Commercial Banks in South East Asia, Pacific Ocean, and the Horn of Africa areas.

In parallel, BRED IT has expanded its activities since 2011 to also provide remote IT services to Paris Headquarters.

Today, with more than 200 employees, BRED IT fully supports Banque Franco Lao in Laos, BRED Bank Cambodia, BRED Bank Vanuatu, BRED Bank Solomon Islands, BRED Bank Fiji and Banque pour le commerce et l'industrie Mer Rouge (BCIMR) in Djibouti:

BRED IT hosts and manages all layers of BRED International Banks Information Systems: From Infrastructures to Applications (Core Banking, Internet/Mobile Banking, E-Payments…), on a 24x7 basis.

Half of the activity is currently performed for BRED Headquarters, with a focus on Projects (built with Java, COBOL, PHP, DataStage) and Production/Devops.

We are a unique company, thanks to our identity and our history: We place our expertise at the service of BRED Group and develop our activities with an entrepreneurial structure.

By putting BRED group best interests first, it allows us to deliver tailor-made solutions with high value-added.

Experience:

• A first experience in IT field is required.

Personal Competencies:

• The candidate should be trained in IT Security.
• Deep knowledge of at least one field of cybersecurity (governance of cybersecurity, network security, secure coding, endpoint security, configuration hardening, AD security…) and good knowledge of the others.
• Strong analytical skills and excellent synthesis skills: He/she is able to cross-check multiple sources of information on technical matters to produce synthesis for non-specialists.

Soft skills:

• Ability to interact with non-specialists on a daily basis
• Communication skills and ability to present his/her work to potentially large audiences
• Curiosity and willingness to keep track with technical evolutions

Education:

• Minimum Bachelor's degree BSc. Computer Science.

Language skills:

• Good command in English.
• Good command in French strong plus for this position.

What we offer:

• Attractive compensation (includes fixed and performance bonus)
• Hybrid working mode with 2 days work from home per week with flexible working hours
• Additional 10 days of work from anywhere per year
• Work from home allowance for you to buy equipment to facilitate working at home
• Standby and Overtime allowance for Level 2 support employees who are required to work on a 24x7 basis
• Annual leave from 14-25 days
• Provident Fund with competitive company contribution rates starting from 6% up to 12%
• Medical insurance and life insurance covering employee and dependent; spouse and child or children from your first day
• Outpatient Department (OPD) coverage of 2,500THB per visit for 31 visits per year.
• In Patient Department (IPD) coverage.
• Dental Care coverage of 4,000THB per year.
• Eye Care coverage of 5,000THB per year.
• Employee Assistance Program (EAP) providing mental support for colleagues to release stress and alleviate employee life problems.
• Learning and Development benefits.
• Monthly activities.
• Annual Health checkup benefits

Key Responsibilities:

• Conduct thorough security assessments and audits to identify potential vulnerabilities and threats to information systems.
• Develop and implement effective security policies, procedures, and controls to ensure the confidentiality, integrity, and availability of data.
• Provide expert guidance on security architecture and the deployment of security technologies.
• Monitor and analyze security incidents, conducting root cause analysis and implementing corrective actions.
• Perform risk assessments and develop risk mitigation strategies tailored to the specific needs of each client.
• Stay up-to-date with the latest security trends, vulnerabilities, and regulatory requirements.
• Conduct security awareness training for clients to promote best practices and enhance overall security posture.
• Collaborate with IT teams, management, and other stakeholders to ensure seamless integration of security measures.
• Prepare detailed reports and presentations to communicate findings, recommendations, and progress to clients and management.
• Assist in the development and execution of incident response plans and disaster recovery strategies.

Qualifications:

• Bachelor's degree in Information Security, Computer Science, or a related field.
• Professional certifications such as CISSP, CISM, or similar are highly desirable.
• Proven experience as an Information Security Consultant or in a similar role.
• Strong understanding of security frameworks, standards, and regulations (e.g., ISO 27001, NIST, GDPR).
• Experience with security technologies, including firewalls, intrusion detection/prevention systems, and encryption tools.
• Excellent analytical, problem-solving, and communication skills.
• Ability to work independently and manage multiple projects simultaneously.
• Strong organizational skills and attention to detail.
• Experience in conducting security training and awareness programs is a plus.

About the Job

As a Local Information Security Officer (ISO) at Allianz Technology Thailand, you will play a crucial role in driving the implementation and evolution of the Allianz SE Group and Technology Information Security Framework and related guidelines. You will ensure compliance with the IS framework by providing control assurance for services offered to customers, as well for those that are consumed by the hub. In addition, this role is also responsible for Protection & Resilience (P&R) matters including Business Continuity Management (BCM), Crisis Management (CM) and Protective security management

Your role will be pivotal in fostering a secure and resilient environment for Allianz Technology Thailand, aligning with Allianz's commitment to protection and resilience. Dive into a dynamic environment where your expertise will drive information security excellence and protect Allianz's interests.

What you do

Information Security Officer (ISO)

• Drive the implementation of and ensure compliance with Group-wide standards, regulatory requirements and industry security standards included but not limited to Global information security framework assessment, Global functional rule assessment, DORA, NIS2 in all Allianz Technology services and in projects.
• Oversee the compliance reporting process for local entities; assess and address deviations from security policies and contractual security provisions, as well as developing effective strategies to mitigate identified information security risks.
• Lead local Information Security Steering Boards and support preparation of Information Security action plans.
• Support local executive body in their regulatory Information Security-related governance requirements and their responsibility to set up sound organizational and operational structures and procedures.
• Implement the actions under the LISO´s responsibility (e. g. IS Management Meetings, ISSB meetings, IS Risk Management), proactively manage the implementation of relevant follow-up measures in a timely manner.
• Ensure that all Allianz Technology IS Governance related documents are ratified by local entity management and follow up on the implementation of those.
• Serve as Local contact point for information security-related matters, including interfaces to business, partners, customers and other safeguarding functions.
• Provide information security consulting and liaison with all relevant stakeholders.
• Systematically assess the effectiveness of security controls in all services provided by Allianz Technology, its partners and third-party providers.
• Drive Security Risk Management, including supporting the life cycle of security risk assessments, assessing and addressing deviations from security policies and contractual security provisions, as well as developing effective strategies to mitigate identified information security risks.
• Ensure that all IS related deviations (aka IS risks) are reported in the GRC tool and managed there as defined in the information security risk management process
• Promote awareness of Allianz Technology security requirements and processes via regular communication to workforce across multiple channels.
• Manage the local roll-out of global information security trainings and monitor and report the attendance of local workforce
• Engage with senior stakeholders and providing regular, high-impact reports to the regional management, the Allianz Technology Thailand Board of Directors, and the Board of Management of Allianz Technology
• Regularly exchange with and contribute to the regional and global Allianz Technology ISO community.
• Support the annual IT compliance reporting process for the local entity.
• Support local management in their regulatory Information Security-related governance requirements.

Protection & Resilience (P&R)

• Perform the Business Continuity Management (BCM) lifecycle activities for Allianz Technology Thailand, including business impact analysis (BIA), risk identification and assessment (RIA), response strategies, response planning, exercise and testing
• Monitor and advise about applicable laws and regulations and ensure that the Allianz Technology Thailand ratifies the Protection and Resilience Policy
• Act as resilience point of contact and coordinate resilience related requests; verify IT Disaster Recovery (DR) capabilities, identify possible IT DR gaps and ensure DR data consistency
• Monitor incidents with potential crisis and report these to the Allianz Technology Crisis Unit Office
• Regularly assess resilience controls and report results to Protection & Resilience Office
• Create internal awareness of Protection & Resilience and associated responsibilities within Allianz Technology Thailand
• Regularly participate in reviews being undertaken by global Protection & Resilience Office
• Coordinate and assess the organization maturity in protective security management.
• Perform annual review and execution of organizational business continuity plan and

What you bring

• Bachelor's or master's degree in computer or information technology in related fields
• Recognized Information Security Certifications e.g. CISSP, CISA, CISM. CRISC, PCI DSS or ISO27001 Lead Auditor preferred
• 8+ years of experience in information security, Information risk management, controls assurance & compliance programs.
• Experience with internal controls, risk assessments, business process and internal IT control testing or operational auditing
• Previous experience creating and/or performing review and gap analysis of information security policies and standards against cybersecurity frameworks
• Related security control and compliance experience in various frameworks including: PCI DSS, PCI PA-DSS, PCI PTS, GLBA, NYDFS, ISO, NIST, etc.
• Strong presentation skills
• Excellent communication skills, interpersonal, oral, and written in English

What we offer

• We offer a hybrid work model which recognizes the value of striking a balance between in-person collaboration and remote working.
• We believe in rewarding performance and our compensation and benefits package includes a company bonus scheme, pension, employee shares program and multiple employee discounts (details vary by location).
• From career development and digital learning programs to international career mobility, we offer lifelong learning for our employees worldwide and an environment where innovation, delivery and empowerment are fostered.
• Flexible working, health and wellbeing offers (including healthcare and parental leave benefits) support to balance family and career and help our people return from career breaks with experience that nothing else can teach.

About Allianz Technology

With its headquarters in Munich, Germany, Allianz Technology is Allianz's global IT service provider and delivers IT solutions that drive the group's digitalization. With more than 11,000 employees in over 20 countries around the world, Allianz Technology is tasked to run, optimize, transform, and innovate the infrastructure, applications, and services together with Allianz companies to co-create the best customer experience.

We service the entire spectrum of digitalization – from one of the industry's largest IT infrastructure projects that spans data centers, networks, and security, to application platforms ranging from workplace services to digital interaction.

In short: We deliver comprehensive end-to-end IT solutions for Allianz in the digital age. We are the backbone of Allianz.

Find us at:

Commitment to Integrity, Fairness & Inclusion

Allianz Technology is proud to be an equal opportunity employer dedicated to fostering an inclusive work environment for everyone. We embrace individuals of all gender identities and expressions, sexual orientations, ethnicities, ages, nationalities, religions, disabilities, and philosophies of life. Ultimately, our greatest strength as a company lies in the unique skills, experiences, and backgrounds our employees contribute.

To Recruitment Agencies:

Allianz Technology has an in-house recruitment team that sources great candidates directly. Therefore, Allianz Technology does not accept unsolicited resumes from agency or search firm recruiters. When we engage with recruitment agencies, the partnership is formalized by a contract. Fees will only be paid when there is a contract in place. Without a contract in place, we will not accept invoices on unsolicited resumes, even if the candidate is ultimately employed by Allianz.

Key Responsibilities:

• Contribute to implementation, maintenance along with continuous improvement and associated instructional documentation of ISMS and its controls in line with the requirements of ISO 27001 and similar standards.
• Ensure compliance and maintenance of ISO 27001 standard as well as all Information Security requirements with respect to laws, regulations, client requirements, NTT DATA and Group requirements including active participation in internal and external ISMS audits.
• Support in information security audits, performed by organization or third-party personnel.
• Ensure that IT systems are assessed against Information Security criteria and operate in compliance with the instructional Information Security documentation.
• Conduct wide gap assessment of ISMS clauses and control implementation.
• Ensure vulnerability management, tracking and reporting.
• Works close together with the IT department to set Information security standard for Cyber Security which is operated by the IT department.
• Support in preparing management Information Security reports and dashboards.
• Review and respond to customer Service Agreements/RFPs/RFIs with respect to Information Security related clauses/questionnaires.
• Active participation in Information Security External certification audits, internal audits, and gap assessments.

Qualifications:

• Bachelor's degree or equivalent in Information Technology or Computer Science degree or related field.
• Information Security certifications such as ISO 27001 Lead Auditor/Implementer, CISM & CEH or equivalent preferred.
• Skilled experience in information security, managing and conducting audits.
• Skilled experience in leading risk assessments, compliance efforts, security awareness initiatives, and policy management
• Seasoned familiarity with information security frameworks and standards.
• Seasoned understanding of risk assessment methodologies, compliance, and policy development.
• Strong communication and interpersonal skills for effective collaboration.
• Fluent in English. Multilingual skills are an advantage.