PRTR is currently looking for an experienced Security Compliance Expert (145K) to join one of Thailand’s largest and most reputable companies.
This position sits within the local MSIP organization, with the primary objective of managing the customer and the GSC delivery team and identifying security control gaps as well as vulnerabilities. The professional will draw on wide, demonstrated ability to ensure that the Managed Services delivery unit adheres to the security compliance requirements set out in the customer’s security policy and any applicable regulatory requirements. The professional will work alongside a highly skilled, diverse team, making sure that the information assets we are responsible for protecting are secured.
- Managing key customer stakeholders and the global delivery team.
- Ensuring any security audit is well managed and handled with support from the respective team.
- Ensuring that Information Security Requirements for the specific contract will be adhered to and maintained.
- Performing periodic risk and security assessments based on compliance, and reviewing and proposing updates to the Information Security Requirements based on those assessments.
- Maintaining the personnel’s awareness of up-to-date security policies and procedures.
- Maintaining the procedures to ensure management of security for systems under MS contracts.
- Performing periodic checks that only authorized persons have access rights to information, systems, and facilities, and reporting findings.
- Performing periodic reviews of the baseline security standard for operating systems and network devices.
- Tracking the closure of identified gaps and reporting compliance periodically.
- Ensuring that all relevant security process and procedure documents are up to date and reviewed periodically.
- Performing periodic reviews of the contracted customer delivery against the ISO27001 standard.
- Testing the efficiency of security controls and identifying gaps (if any).
- Assisting in the security exception handling process.
- Providing recommendations in lieu of security exceptions, providing risk analysis, and recommending actions.
Candidate Prerequisites & Qualifications:
- BE/ B.Tech (Telecommunication/ Computer Science) / MBA.
- 5+ years in security Governance, Risk and Compliance (GRC).
- ISO 27001 Lead Implementer, ITIL, CEH, OSCP, CISA, CISSP, and CISM certifications will be an advantage.
- Good understanding of ISMS (Information Security Management System) and the ISO27001 standard, and prior experience of conducting IT audits.
- Knowledge of data privacy and GDPR.
- Should be adept at conducting gap analysis and risk assessments to identify high-risk areas and recommend controls to address them.
- Understanding of enterprise computing environments and distributed applications, and a solid understanding of TCP/IP networks, along with the security controls (technical and process) available for the respective layers.
- Excellent communication skills, English is a must.
- Good documentation and analysis skills.
- The ability to work constructively under pressure.
- Ability to work both in a team and individually.
- Knowledge sharing and teamwork skills.
- Customer oriented and service minded.
- Delivering results and meeting customer expectations.