Position: Information Security Manager (Regional) (210K-230K)
Our Client: A Global Leading Retail Company
Location: Bangkok, Thailand
Report to: Information Security Regional Manager
Responsibilities:
Support Business Units: Provide guidance and support on information security requirements to various business units.
Oversee Information Security: Manage all facets of information security, including threat identification, incident response, and resolution.
Maintain Security Governance Framework: Develop, implement, and maintain a robust, organization-wide information management and protection framework.
Collaborate with Regional ISO Teams: Work alongside other Information Security Officers in the region to support cross-country security initiatives and standardization.
Ensure Legal Compliance: Collaborate with the legal team to implement measures that ensure compliance with applicable data protection and information management laws and regulations.
Lead Security Awareness & Training: Oversee security awareness initiatives and deliver ongoing training programs to enhance employee understanding and adherence to security best practices.
Manage Daily Security Operations: Execute day-to-day security functions, including vendor risk assessments, privacy and compliance checks, policy enforcement, and communication of security updates.
Monitor Regulatory Requirements: Identify and manage internal and external compliance needs (e.g., PCI DSS, data privacy laws), ensuring adherence to established policies, standards, procedures, and controls.
Qualifications:
Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field.
Business-level fluency in both Thai and English is essential.
GRC Expertise:
Good working knowledge of information security.
(Preferred) Ability to perform cyber threat risk analysis
Solid familiarity with relevant security and data privacy laws, regulations, and standards.
Practical understanding of various information security frameworks and their implementation.
Strong knowledge and hands-on experience in information risk assessment and regulatory compliance.
Good working knowledge of information security governance frameworks such as ISO/IEC 27001 and ISO/IEC 27701.
Certifications:
(Preferred) Possession of relevant technical and/or security certifications such as CISA, CISM, CISSP, SANS, or GIAC.
Additional Skills and Attributes:
Skilled in business process analysis.
Strong team player who can also work independently.
Willingness and ability to travel regionally as required.
Highly self-motivated with a strong sense of responsibility and ownership.
(Preferred) Prior experience working in a multinational or global organization.
Excellent multitasking and prioritization abilities with a proven track record of project completion.