Develop and maintain policies, processes, procedures, and standards related to IT security. Collaborate with other teams to ensure the other IT policies, processes, procedures, and standards are up to date.
Execute and implement the Information Security Management System, ISO27001 and SWIFT Security Control.
Collaborate with other teams to implement IT security internal controls to ensure the bank complies with applicable cybersecurity regulatory requirements, laws and global standards. Continuously adopt improvements to IT security controls and processes.
Collaborate with IT Risk owners to develop risk assessments and establish risk response programs and reporting according to Bank's Policy and Framework.
Conduct a gap analysis regarding regulatory requirement changes and stay updated on industry trends and emerging technologies.
Support audit fieldwork for internal auditors, external auditors, Bank of Thailand auditors and other regulators regarding IT security documentation and review of information compliance.
Track and update status of IT audit issues for IT Management.
Conduct security awareness programs and training. Conduct knowledge sharing on new IT security controls required by regulators, laws and global standards, and collaborate with other teams on knowledge sharing about new security technologies and threats.
Qualifications:
Bachelor's or Master's degree in Information Technology, Computer Engineering or a related field.
At least 5 years of experience in Information Technology, Security Governance, IT Risk, IT Compliance or IT Audit in Banking/Financial.
Experience in relevant local and international security standards and best practices such as ISO27001, NIST, COBIT.
Experience in IT Security, Governance, Risk management, and Compliance, Lead Auditor/Lead Implementer, or similar is preferred.
Certified in ISO27001 Lead Auditor or CISA, CISM is preferred.
Strong knowledge of local regulatory requirements (TH) and backgrounds in the Banking/Financial industries.