25 Threat Modeling jobs in Thailand

Location: Bangkok (Hybrid Working)

About the Company

Cathcart Technology is assisting a leading technology-driven organization to find an experienced Information Security Specialist. This role will play a critical part in strengthening the security of a financial platform in cloud environments. You'll be working closely with teams, regulators, and external vendors to ensure compliance with regulations, while applying best-practice security standards

Responsibilities

• Design and implement cybersecurity policies and frameworks such as ISO/IEC 27001 & NIST
• Conduct risk and vulnerability assessments, and recommend strategies to mitigate threats
• Develop cybersecurity strategies to ensure protection of internal technology operations
• Collaborate with internal risk owners to develop risk assessment process
• Lead in preparing cybersecurity risk/incidents, and reporting to executive management & regulators.

Qualifications

• Bachelor's Degree in IT, Computer Science, Engineering, or related field
• At least 3 years of experience working in the IT/Information Security field
• Strong knowledge of IT Security standards & best practices (ISO/IEC 27001, NIST, COBIT, PCI DSS, ITIL).
• Skills in cybersecurity assessments and controls
• Experience in a highly regulated industries (Financial) would be advantageous

If you're looking to take a next step in your Cybersecurity Career, we'd love to hear from you.

Please feel free to contact Cathcart Technology at for more details.

Responsibilities :

·    Ensuring information security compliance with external and internal requirements and mitigating risk commensurate with the organization's risk tolerance.

·    Provide/Develop awareness activities including analytics and support to internal function.

·    Develop and report monthly and metrics to management on regularly basis for Information Security Risk.

·    Ensures and support that the organization's leadership, staff, policies, processes, practices, and technologies provide ongoing maturity measurement related cybersecurity and all information security activities.

Qualifications :

·    Bachelor's degree in computer engineering, Computer Science, Information Security or IT related field.

· years of experience in cybersecurity, information security or risk management or related field.

·    Experience with GRC or Information security tools, data analytic and some programming skill, etc.

·    Knowledge of common information security management frameworks, such as ISO/IEC 27001, ISO 27799.

Location :Samitivej Srinakarin Hospital or Bangkok Hospital

Job Purpose:

Responsible for monitoring and analyzing security events, identifying potential threats, and implementing solutions to prevent security breaches. The SOC Analyst will work closely with other IT professionals to ensure the safety and integrity of our organization's data.

Location : Avani Charoen Nakhon (Thonburi) with shuttle van service from BTS Krungthon

Key Responsibilities:

• Continuously monitor security alerts and events from various sources including firewalls, intrusion detection , threat protection systems, and security information and event management (SIEM) systems.
• Investigate security incidents, identify root causes, and recommend corrective actions to mitigate threats.
• Actively participate in the incident response process, including incident detection, analysis, containment, eradication, and recovery.
• Conduct routine security vulnerability assessment scan and provide remediation or mitigation suggestions for the discovered vulnerabilities.
• Stay updated on the latest cybersecurity threats and trends, and utilize threat intelligence to enhance the organization's security posture.
• Maintain accurate and detailed records of security incidents, response actions, and follow-up activities.
• Work with other IT and security teams to develop and implement security policies, procedures, and best practices.
• Generate reports on security incidents, trends, and overall security posture for management and stakeholders.
• Safeguards information system assets by identifying and solving potential & actual risks.
• Recognizes problems by identifying abnormalities, investigating forensics, detect violations and conducting periodic audits.
• Implements security improvements by assessing current situation, evaluating trends & anticipating requirements.
• Maintains quality service by following industrial standards.

Job Specification:

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• 2+ years of experience in a SOC Analyst or similar role.
• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or CompTIA Security+ are preferred.
• Proficiency in using security tools and technologies such as SIEM, EDR software and VA scan tools.
• Strong analytical and problem-solving skills with the ability to think critically and act decisively under pressure.
• Strong knowledge of information security best practices and standards.
• Good understanding and appreciation of technology development life cycles.
• Ability to work effectively in a team-oriented environment and collaborate with colleagues from diverse backgrounds.
• High attention to detail and accuracy in monitoring, detection, and documentation of security events.
• Self-motivated, proactive, and self-initiative.
• Excellent verbal and written communication skills with the ability to convey complex technical information to non-technical stakeholders.
• Good command of English.

Job Title
:
INFORMATION SECURITY OFFICER

Position type
: Full time

Place of work
: Bangkok, Silom

Salary
: Negotiable

Working conditions
: Normal working hours

Department/Function
: Information Security & Risks

Reporting to Title
: Head of Information Security & Risk

The company and the mission:

BRED IT (Thailand) a wholly owned subsidiary of the French bank BRED Banque Populaire based out of Paris (BPCE Group).

BRED IT was established in 2008 with the objective to become the IT hub for BRED Group Commercial Banks in South East Asia, Pacific Ocean, and the Horn of Africa areas.

In parallel, BRED IT has expanded its activities since 2011 to also provide remote IT services to Paris Headquarters.

Today, with more than 200 employees, BRED IT fully supports Banque Franco Lao in Laos, BRED Bank Cambodia, BRED Bank Vanuatu, BRED Bank Solomon Islands, BRED Bank Fiji and Banque pour le commerce et l'industrie Mer Rouge (BCIMR) in Djibouti:

BRED IT hosts and manages all layers of BRED International Banks Information Systems: From Infrastructures to Applications (Core Banking, Internet/Mobile Banking, E-Payments…), on a 24x7 basis.

Half of the activity is currently performed for BRED Headquarters, with a focus on Projects (built with Java, COBOL, PHP, DataStage) and Production/Devops.

We are a unique company, thanks to our identity and our history: We place our expertise at the service of BRED Group and develop our activities with an entrepreneurial structure.

By putting BRED group best interests first, it allows us to deliver tailor-made solutions with high value-added.

Experience:

• A first experience in IT field is required.

Personal Competencies:

• The candidate should be trained in IT Security.
• Deep knowledge of at least one field of cybersecurity (governance of cybersecurity, network security, secure coding, endpoint security, configuration hardening, AD security…) and good knowledge of the others.
• Strong analytical skills and excellent synthesis skills: He/she is able to cross-check multiple sources of information on technical matters to produce synthesis for non-specialists.

Soft skills:

• Ability to interact with non-specialists on a daily basis
• Communication skills and ability to present his/her work to potentially large audiences
• Curiosity and willingness to keep track with technical evolutions

Education:

• Minimum Bachelor's degree BSc. Computer Science.

Language skills:

• Good command in English.
• Good command in French strong plus for this position.

What we offer:

• Attractive compensation (includes fixed and performance bonus)
• Hybrid working mode with 2 days work from home per week with flexible working hours
• Additional 10 days of work from anywhere per year
• Work from home allowance for you to buy equipment to facilitate working at home
• Standby and Overtime allowance for Level 2 support employees who are required to work on a 24x7 basis
• Annual leave from 14-25 days
• Provident Fund with competitive company contribution rates starting from 6% up to 12%
• Medical insurance and life insurance covering employee and dependent; spouse and child or children from your first day
• Outpatient Department (OPD) coverage of 2,500THB per visit for 31 visits per year.
• In Patient Department (IPD) coverage.
• Dental Care coverage of 4,000THB per year.
• Eye Care coverage of 5,000THB per year.
• Employee Assistance Program (EAP) providing mental support for colleagues to release stress and alleviate employee life problems.
• Learning and Development benefits.
• Monthly activities.
• Annual Health checkup benefits

Key Responsibilities:

• Conduct thorough security assessments and audits to identify potential vulnerabilities and threats to information systems.
• Develop and implement effective security policies, procedures, and controls to ensure the confidentiality, integrity, and availability of data.
• Provide expert guidance on security architecture and the deployment of security technologies.
• Monitor and analyze security incidents, conducting root cause analysis and implementing corrective actions.
• Perform risk assessments and develop risk mitigation strategies tailored to the specific needs of each client.
• Stay up-to-date with the latest security trends, vulnerabilities, and regulatory requirements.
• Conduct security awareness training for clients to promote best practices and enhance overall security posture.
• Collaborate with IT teams, management, and other stakeholders to ensure seamless integration of security measures.
• Prepare detailed reports and presentations to communicate findings, recommendations, and progress to clients and management.
• Assist in the development and execution of incident response plans and disaster recovery strategies.

Qualifications:

• Bachelor's degree in Information Security, Computer Science, or a related field.
• Professional certifications such as CISSP, CISM, or similar are highly desirable.
• Proven experience as an Information Security Consultant or in a similar role.
• Strong understanding of security frameworks, standards, and regulations (e.g., ISO 27001, NIST, GDPR).
• Experience with security technologies, including firewalls, intrusion detection/prevention systems, and encryption tools.
• Excellent analytical, problem-solving, and communication skills.
• Ability to work independently and manage multiple projects simultaneously.
• Strong organizational skills and attention to detail.
• Experience in conducting security training and awareness programs is a plus.

About the Job

As a Local Information Security Officer (ISO) at Allianz Technology Thailand, you will play a crucial role in driving the implementation and evolution of the Allianz SE Group and Technology Information Security Framework and related guidelines. You will ensure compliance with the IS framework by providing control assurance for services offered to customers, as well for those that are consumed by the hub. In addition, this role is also responsible for Protection & Resilience (P&R) matters including Business Continuity Management (BCM), Crisis Management (CM) and Protective security management

Your role will be pivotal in fostering a secure and resilient environment for Allianz Technology Thailand, aligning with Allianz's commitment to protection and resilience. Dive into a dynamic environment where your expertise will drive information security excellence and protect Allianz's interests.

What you do

Information Security Officer (ISO)

• Drive the implementation of and ensure compliance with Group-wide standards, regulatory requirements and industry security standards included but not limited to Global information security framework assessment, Global functional rule assessment, DORA, NIS2 in all Allianz Technology services and in projects.
• Oversee the compliance reporting process for local entities; assess and address deviations from security policies and contractual security provisions, as well as developing effective strategies to mitigate identified information security risks.
• Lead local Information Security Steering Boards and support preparation of Information Security action plans.
• Support local executive body in their regulatory Information Security-related governance requirements and their responsibility to set up sound organizational and operational structures and procedures.
• Implement the actions under the LISO´s responsibility (e. g. IS Management Meetings, ISSB meetings, IS Risk Management), proactively manage the implementation of relevant follow-up measures in a timely manner.
• Ensure that all Allianz Technology IS Governance related documents are ratified by local entity management and follow up on the implementation of those.
• Serve as Local contact point for information security-related matters, including interfaces to business, partners, customers and other safeguarding functions.
• Provide information security consulting and liaison with all relevant stakeholders.
• Systematically assess the effectiveness of security controls in all services provided by Allianz Technology, its partners and third-party providers.
• Drive Security Risk Management, including supporting the life cycle of security risk assessments, assessing and addressing deviations from security policies and contractual security provisions, as well as developing effective strategies to mitigate identified information security risks.
• Ensure that all IS related deviations (aka IS risks) are reported in the GRC tool and managed there as defined in the information security risk management process
• Promote awareness of Allianz Technology security requirements and processes via regular communication to workforce across multiple channels.
• Manage the local roll-out of global information security trainings and monitor and report the attendance of local workforce
• Engage with senior stakeholders and providing regular, high-impact reports to the regional management, the Allianz Technology Thailand Board of Directors, and the Board of Management of Allianz Technology
• Regularly exchange with and contribute to the regional and global Allianz Technology ISO community.
• Support the annual IT compliance reporting process for the local entity.
• Support local management in their regulatory Information Security-related governance requirements.

Protection & Resilience (P&R)

• Perform the Business Continuity Management (BCM) lifecycle activities for Allianz Technology Thailand, including business impact analysis (BIA), risk identification and assessment (RIA), response strategies, response planning, exercise and testing
• Monitor and advise about applicable laws and regulations and ensure that the Allianz Technology Thailand ratifies the Protection and Resilience Policy
• Act as resilience point of contact and coordinate resilience related requests; verify IT Disaster Recovery (DR) capabilities, identify possible IT DR gaps and ensure DR data consistency
• Monitor incidents with potential crisis and report these to the Allianz Technology Crisis Unit Office
• Regularly assess resilience controls and report results to Protection & Resilience Office
• Create internal awareness of Protection & Resilience and associated responsibilities within Allianz Technology Thailand
• Regularly participate in reviews being undertaken by global Protection & Resilience Office
• Coordinate and assess the organization maturity in protective security management.
• Perform annual review and execution of organizational business continuity plan and

What you bring

• Bachelor's or master's degree in computer or information technology in related fields
• Recognized Information Security Certifications e.g. CISSP, CISA, CISM. CRISC, PCI DSS or ISO27001 Lead Auditor preferred
• 8+ years of experience in information security, Information risk management, controls assurance & compliance programs.
• Experience with internal controls, risk assessments, business process and internal IT control testing or operational auditing
• Previous experience creating and/or performing review and gap analysis of information security policies and standards against cybersecurity frameworks
• Related security control and compliance experience in various frameworks including: PCI DSS, PCI PA-DSS, PCI PTS, GLBA, NYDFS, ISO, NIST, etc.
• Strong presentation skills
• Excellent communication skills, interpersonal, oral, and written in English

What we offer

• We offer a hybrid work model which recognizes the value of striking a balance between in-person collaboration and remote working.
• We believe in rewarding performance and our compensation and benefits package includes a company bonus scheme, pension, employee shares program and multiple employee discounts (details vary by location).
• From career development and digital learning programs to international career mobility, we offer lifelong learning for our employees worldwide and an environment where innovation, delivery and empowerment are fostered.
• Flexible working, health and wellbeing offers (including healthcare and parental leave benefits) support to balance family and career and help our people return from career breaks with experience that nothing else can teach.

About Allianz Technology

With its headquarters in Munich, Germany, Allianz Technology is Allianz's global IT service provider and delivers IT solutions that drive the group's digitalization. With more than 11,000 employees in over 20 countries around the world, Allianz Technology is tasked to run, optimize, transform, and innovate the infrastructure, applications, and services together with Allianz companies to co-create the best customer experience.

We service the entire spectrum of digitalization – from one of the industry's largest IT infrastructure projects that spans data centers, networks, and security, to application platforms ranging from workplace services to digital interaction.

In short: We deliver comprehensive end-to-end IT solutions for Allianz in the digital age. We are the backbone of Allianz.

Find us at:

Commitment to Integrity, Fairness & Inclusion

Allianz Technology is proud to be an equal opportunity employer dedicated to fostering an inclusive work environment for everyone. We embrace individuals of all gender identities and expressions, sexual orientations, ethnicities, ages, nationalities, religions, disabilities, and philosophies of life. Ultimately, our greatest strength as a company lies in the unique skills, experiences, and backgrounds our employees contribute.

To Recruitment Agencies:

Allianz Technology has an in-house recruitment team that sources great candidates directly. Therefore, Allianz Technology does not accept unsolicited resumes from agency or search firm recruiters. When we engage with recruitment agencies, the partnership is formalized by a contract. Fees will only be paid when there is a contract in place. Without a contract in place, we will not accept invoices on unsolicited resumes, even if the candidate is ultimately employed by Allianz.

Key Responsibilities:

• Contribute to implementation, maintenance along with continuous improvement and associated instructional documentation of ISMS and its controls in line with the requirements of ISO 27001 and similar standards.
• Ensure compliance and maintenance of ISO 27001 standard as well as all Information Security requirements with respect to laws, regulations, client requirements, NTT DATA and Group requirements including active participation in internal and external ISMS audits.
• Support in information security audits, performed by organization or third-party personnel.
• Ensure that IT systems are assessed against Information Security criteria and operate in compliance with the instructional Information Security documentation.
• Conduct wide gap assessment of ISMS clauses and control implementation.
• Ensure vulnerability management, tracking and reporting.
• Works close together with the IT department to set Information security standard for Cyber Security which is operated by the IT department.
• Support in preparing management Information Security reports and dashboards.
• Review and respond to customer Service Agreements/RFPs/RFIs with respect to Information Security related clauses/questionnaires.
• Active participation in Information Security External certification audits, internal audits, and gap assessments.

Qualifications:

• Bachelor's degree or equivalent in Information Technology or Computer Science degree or related field.
• Information Security certifications such as ISO 27001 Lead Auditor/Implementer, CISM & CEH or equivalent preferred.
• Skilled experience in information security, managing and conducting audits.
• Skilled experience in leading risk assessments, compliance efforts, security awareness initiatives, and policy management
• Seasoned familiarity with information security frameworks and standards.
• Seasoned understanding of risk assessment methodologies, compliance, and policy development.
• Strong communication and interpersonal skills for effective collaboration.
• Fluent in English. Multilingual skills are an advantage.

Make an impact with NTT DATA

Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it's a place where you can grow, belong and thrive.

Your day at NTT DATA

The Information Security Governance, Risk and Compliance (GRC) Specialist is a seasoned subject matter expert, responsible for supporting the organization's information security program by assessing risks, implementing security controls, ensuring compliance, managing security awareness initiatives, and contributing to policy development.

This role collaborates with internal teams to enhance security practices and maintain a strong security posture.

Key responsibilities:

• Assists in conducting risk assessments and vulnerability assessments.
• Contributes to the development and maintenance of security policies and procedures.
• Collaborates with internal stakeholders to ensure compliance with industry standards and regulations.
• Participates in security awareness and training initiatives.
• Supports incident response activities and investigations as required.
• Monitors and reports on security compliance metrics.
• Assists in the implementation of security controls and best practices.
• Stays updated with emerging security threats and trends.
• Performs any other related task as required.

To thrive in this role, you need to have:

• Seasoned familiarity with information security frameworks and standards.
• Seasoned understanding of risk assessment methodologies, compliance, and policy development.
• Strong communication and interpersonal skills for effective collaboration.
• Strong attention to detail and ability to follow established processes.
• Seasoned project management skills for coordinating security initiatives.

Academic qualifications and certifications:

• Bachelor's degree or equivalent in Information Technology or Computer Science degree or related field.
• Security certifications such as CISA, CRISC, COBIT, IIA or equivalent preferred.
• Certifications such as Lead audit/Implementer - ISO 27001, SOC TSP desirable.

Required experience:

• Seasoned experience in information security or related roles.
• Seasoned exposure to risk assessment, compliance, security awareness, or policy development is beneficial.

Workplace type:

On-site Working

About NTT DATA

NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo.

Equal Opportunity Employer

NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.

Make an impact with NTT DATA
Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it's a place where you can grow, belong and thrive.

Your day at NTT DATA
The Information Security Governance, Risk and Compliance (GRC) Specialist is a seasoned subject matter expert, responsible for supporting the organization's information security program by assessing risks, implementing security controls, ensuring compliance, managing security awareness initiatives, and contributing to policy development.

This role collaborates with internal teams to enhance security practices and maintain a strong security posture.

Key responsibilities:

• Assists in conducting risk assessments and vulnerability assessments.
• Contributes to the development and maintenance of security policies and procedures.
• Collaborates with internal stakeholders to ensure compliance with industry standards and regulations.
• Participates in security awareness and training initiatives.
• Supports incident response activities and investigations as required.
• Monitors and reports on security compliance metrics.
• Assists in the implementation of security controls and best practices.
• Stays updated with emerging security threats and trends.
• Performs any other related task as required.

To thrive in this role, you need to have:

• Seasoned familiarity with information security frameworks and standards.
• Seasoned understanding of risk assessment methodologies, compliance, and policy development.
• Strong communication and interpersonal skills for effective collaboration.
• Strong attention to detail and ability to follow established processes.
• Seasoned project management skills for coordinating security initiatives.

Academic qualifications and certifications:

• Bachelor's degree or equivalent in Information Technology or Computer Science degree or related field.
• Security certifications such as CISA, CRISC, COBIT, IIA or equivalent preferred.
• Certifications such as Lead audit/Implementer - ISO 27001, SOC TSP desirable.

Required experience:

• Seasoned experience in information security or related roles.
• Seasoned exposure to risk assessment, compliance, security awareness, or policy development is beneficial.

Workplace type:
On-site Working

About NTT DATA
NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo.

Equal Opportunity Employer
NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.