Job description:
Job DescriptionDesign, implement, and maintain the information security infrastructure of the organization which involve developing and executing security strategies, policies, and procedures to protect IT and digital assets, data, and systems from cyber threats and vulnerabilities.
Job Qualification- Define the Bank's cybersecurity strategy and roadmap
- Define an Enterprise Security Architecture for the Bank and develop relevant IT Security requirements or IT Security standards for Information Technology
- Define security framework for various new technologies such as Cloud, Biometric Technology, etc.
- Provide advice on information security for projects and conduct security risk assessment to identify where the system could not comply with Banks information security policy or requirements, including tracking of exceptions
- Conduct security risk assessment for information systems which provided by external service providers (outsourcer) or system that being connected to an external service provider (third-party)
- Review the information security controls for applications before the system is implemented to production
- Study, select and implement the necessary information security system for the Bank
- Implement DevSecOps technology to increase the security in software development life cycle (SDLC)
- Develop and maintain security standards of various information technologies that the Bank uses
- Develop and maintain security standards of various information technologies that the Bank uses
- Conduct security testing for critical systems or new technologies where required
Preferred Area- Enterprise security architect, secure coding, mobile app security, deep tech security
- Data security, DLP (Data Leakage Prevention)
- Blockchain, digital asset, DeFi/CeFi, cryptographic key
What do you need to succeed- Bachelors or Masters Degree in Computer Engineering, Computer Science, Information Security
- At least 3 years of work experience in a relevant discipline
- Comprehensive understanding of the IT security concepts, especially enterprise security architecture area, risk assessment and related information security standards such as ISO 27001, PCI DSS, etc.
- Ability to analyze end-to-end security process, assess IT security risks of information systems, and provide advice in order to reduce risk to the bank acceptable level
- Ability to study and implement essential IT security standards and controls to enhance the bank's security
- Strong analytical and problem solving capabilities
- Excellent teamwork and interpersonal skills
- Rapid learning capability and able to work under pressure
- Good oral and written communication skills in both Thai and English
- IT Security Architect, Advisory and Engineering Skills
- Certified Security Professional e.g. CISSP, CSSLP, CISA, CISM, CompTIA Security+, ISO 27001 Lead Auditor/Implementer
Conditions of EmploymentFull-time employment