Responsibilities:

• Regional Team Support: Assist other local ISO members in various regions as part of a regional ISO team.
• Support Business Units: Manage and provide support for information security requirements across different business units.
• Conduct Security Awareness & Training: Manage information security awareness programs and provide ongoing training to all staff.
• Oversee Information Security: Manage all aspects of information security, including addressing threats and incidents, and driving their resolution.
• Maintain Security Framework: Develop and uphold an effective company-wide information management and protection framework for strong governance.
• Ensure Legal Compliance: Collaborate with the legal team to identify and implement actions that ensure compliance with relevant information management and protection laws and regulations.
• Manage Daily Security Operations: Handle day-to-day security activities, such as conducting vendor and privacy security assessments, implementing company policies, and communicating program updates.
• Track Regulatory Requirements: Identify, monitor, and manage internal and external compliance and regulatory needs (e.g., PCI, data privacy) for the organization, ensuring adherence to established policies, procedures, standards, and controls.

Qualifications:

• Bachelor's degree in Information Technology, Security, Computer Science, or a related field.
• Certifications: (Preferred) Relevant technical and/or security certifications (e.g., CISA, CISM, CISSP, SANS, GIAC).
• Business-level fluency in both Thai and English is essential (IELTS 6.5+, TOEIC 800)
• GRC Expertise:
  • In-depth knowledge and hands-on experience with information risk assessment and compliance requirements.
  • Solid understanding and practical application of various information security frameworks.
  • Strong familiarity with relevant laws, regulations, and standards concerning security and data privacy.
  • A good grasp of information security governance frameworks such as ISO27001 and ISO27701.
  • (Preferred) The ability to perform risk analysis for cyber threats.
• Adept at Business Process Analysis.
• Regional travel is required for this role.
• Preferred candidates with prior multinational work experience.
• Highly motivated with a strong sense of responsibility and ownership.
• Excellent ability to multitask, prioritize effectively, and complete projects.
• Capable of working both independently and collaboratively within a team.