Job Description
Job Title:
Manager - Information Security
Posting Start Date:
19/12/2025
Job Description:
Job Purpose (Accountability)
Develop and implement the organization’s Cyber Security strategy to safeguard information assets and ensure compliance with applicable laws and regulations. Establish, review, and update Cyber Security policies and IT risk controls in collaboration with relevant stakeholders to strengthen the organization’s security posture. Manage and control budgets related to security tools and support effective internal and external audits.
Duties / Responsibilities
- Develop and implement Cyber Security strategies to align with the organization’s mission and objectives.
- Oversee and guide the Information Security team’s operations to ensure efficiency, effectiveness, and compliance with standards.
- Establish, review, and update policies, measures, and practices related to Cyber Security, personal data protection (PDPA Security), and IT risk management on a regular basis.
- Manage and control budgets for Cyber Security tools and solutions, including assessing cost-effectiveness and value of utilization.
- Collaborate with relevant departments and stakeholders to ensure consistent and aligned security operations.
- Monitor, analyze, and assess cyber threat intelligence and provide strategic reports and recommendations to management.
- Support internal (Internal Audit) and external (External Audit) audits related to Cyber Security to ensure compliance with applicable laws, regulations, and relevant standards.
- Conduct analysis of threats, vulnerabilities, and risk assessments, develop preventive measures to mitigate risks, and prepare reports to management for decision-making.
- Foster and develop the capabilities of the Cyber Security team to enhance knowledge, skills, and adaptability to evolving threats and emerging technologies.
- Manage and coordinate the organization’s security incident response and disaster recovery plans.
- Promote and deliver Cybersecurity Awareness training programs for employees across the organization.
Education
Bachelor's degree in Information Technology or Computer Science
Work Experience
Minimum 8 years' experience
Certificate
- Knowledge of ISO 27001, NIST, PDPA, and Risk Management standards.
- Professional certifications such as CISSP, CISM, or CISA are preferred.
TOEIC
Minimum score of 650.