As a Security Strategy & Advisory at SCBX, you will play a crucial role in supporting the development and implementation of the SCBX group security cybersecurity strategies and providing expert security advisory to stakeholders.
You will work closely with senior team members to contribute to security strategy and group assessments to ensure the organization's cybersecurity posture aligns with business goals, industry standards, and regulatory requirements. Join our team and gain valuable experience while assisting to strengthen our security posture through effective security strategy planning.
Responsibilities:
- Develop and implement the SCBX group's security strategy in alignment with business goals and industry best practices.
- Collaborate in establishment of cybersecurity policies, standards, and others to manage cyber risk across the SCBX group and ensure established policies and standards compliance with internal policies, industry standards such as NIST and regulatory requirements.
- Conduct comprehensive security assessments across SCBX group to identify risks and areas for improvement and ensure strategy from assessment aligning with the overall goals and direction of SCBX.
- Provide expert cybersecurity advisory to SCBX group and serve as a subject matter expert in cybersecurity for new projects and initiatives.
- Develop and implement cybersecurity training programs for employees, promoting a culture of security awareness.
- Collaborate in the establishment and maintenance of Cybersecurity Operating Models and related cybersecurity processes.
- Develop, track, and report key cybersecurity performance metrics (KPIs) and assigned report to measure the effectiveness of cybersecurity strategies, risk management, and compliance efforts for senior management and relevant stakeholders.
Requirements:
- Bachelor's degree in information security, computer science, computer engineer or a related field.
- Professional certifications such as CISSP, CISM, CISA, CRISC, or similar are a plus.
- 3+ years of progressive experience in cybersecurity consulting / strategy / assessment / implementing cybersecurity strategies with a proven record of accomplishment of driving successful security assessment and governance in large and complex organization.
- Experience working with a global consulting firm is a plus.
- Strong understanding of regulatory frameworks and industry standards such as BOT, PDPA, GDPR, NIST, ISO 27001 and SOC2.
- Possess excellent consulting skills such as critical thinking, effective communication, storytelling, written communication skills and the ability to present technical concepts in a clear and understandable manner, making it accessible to executives.
- Demonstrate a comprehensive understanding of one of security domains, including GRC, IAM, Cloud Security, Data Security, Application Security, and Cyber Defense, while also being familiar with contemporary security concepts such as Zero Trust.
- Excellent communication and leadership skills, with the ability to influence and collaborate with stakeholders at all levels and proficiency in creating compelling and concise PowerPoint presentations.
- Demonstrate the ability to work as a part of a team, take ownership of projects, and drive them to successful completion.
- Strong analytical and problem-solving abilities with a detail-oriented approach to development and implementation of security strategies.
About Us
SCBX is the mothership of the financial technology business group, comprising 12 subsidiary companies that operate across three key business pillars: Banking Business, Consumer and Digital Finance Business, and Platform and Technology Business. In addition, SCBX also focuses on Climate Technology, aspiring to become The Most Admired Regional Financial Technology Group.
The company conducts its business with flexibility and prudence in governance and risk management and has possesses the potential to compete equally in global competitions.
