Job Purpose (Accountability)
Develop and maintain Cyber Security policies, measures, and practices in compliance with applicable laws, regulations, and standards. Assess and monitor IT security risks, including preparing and continuously updating the Security Risk Register. Support audits conducted by internal (Internal Audit) and external (External Audit) parties. Coordinate with relevant departments to control and protect personal data in accordance with PDPA requirements. Develop and deliver Cyber Security Awareness training for employees. Prepare Compliance Gap Analysis reports and Remediation Plans to strengthen the organization’s security and regulatory compliance.
Duties / Responsibilities
- Develop, review, and improve Cyber Security policies, measures, and practices to ensure compliance with relevant laws, regulations, and international standards.
- Assess and monitor IT security risks, and regularly maintain and update the Security Risk Register.
- Prepare Compliance Gap Analysis reports and develop Remediation Plans to reduce risks and enhance compliance.
- Support and facilitate audits conducted by both internal (Internal Audit) and external (External Audit) parties regarding Cyber Security and IT Security.
- Coordinate with relevant departments to manage and control personal data protection in accordance with PDPA requirements.
- Design and implement Cyber Security Awareness training and activities for employees to promote understanding and awareness of Cyber Security.
- Prepare and present reports on risks, security, and compliance to management and relevant stakeholders.
- Keep up to date with new standards, laws, and regulations related to Cyber Security and Data Protection, and recommend appropriate adoption within the organization.
Education
Work Experience
TOEIC
Minimum score 650 or above.
Other Qualification
- Knowledge of ISO 27001, NIST, PDPA, SOX, or GDPR.
- Professional certifications such as ISO 27001 LA/LI, CISA, or CRISC will be considered an advantage.