IT Security and Compliance Manager (1-year Contract) - #1093758
SATA COMMHEALTH

Job Summary:
As the IT Security and Compliance Manager, you will develop, implement, and maintain IT security strategies, systems, and processes to protect the organisation's on-premises and cloud-based systems and data. You will ensure compliance with IT security policies, annual audits, industry standards, and regulatory requirements, such as ISO 27001 and PDPA, while supporting business continuity and disaster recovery efforts. You will work closely with both application and infrastructure teams to continuously evaluate and enhance the security posture by adopting emerging technologies and best practices in cybersecurity. Additionally, you will plan and lead incident response efforts by establishing frameworks to detect, investigate, and mitigate cybersecurity breaches or threats.
Job Description:
Specific (85%)
- Oversee and manage IT security, audits, and compliance, ensuring the implementation of robust security measures, adherence to regulatory requirements, and the effective management of risks, data protection, and business continuity planning. Recommend and implement innovative tools and solutions to improve the organisation's cybersecurity posture.
- Security Implementation: Implement and review IT security systems, tools, system patches, upgrades and solutions to safeguard applications, systems and infrastructure.
- System and Audit Compliance: Ensure continuous improvement and compliance of on-premises and cloud-based systems with applicable security and regulatory standards (e.g., ISO 27001, PDPA). Work with the CISO, internal teams, cyber insurance providers, vendors and external auditors to meet compliance requirements and security policies.
- Security Operations: Manage, monitor, and establish security operations procedures, including incident response workflows, tabletop exercises and drills.
- Risk Management: Conduct regular assessments to identify IT risks and vulnerabilities. Plan and implement mitigation strategies to minimise security risks.
- Cybersecurity Awareness: Plan and conduct training programs to promote cybersecurity awareness among employees. Educate staff on best practices for secure system use and data protection.
- Data Governance & Protection: Work closely with the DPO to implement data security controls and ensure compliance with data governance frameworks and PDPA.
- Business Continuity Planning (BCP): Plan and put in place an effective BCP for operational continuity with key stakeholders. Organise cybersecurity assessments and tabletop exercises to test and refine plans.
- Disaster Recovery Plan (DRP): Plan and put in place disaster recovery strategies and procedures for IT systems and data. Coordinate with application and infrastructure teams to ensure recovery objectives are met through regular testing and updates.
- Incident Response: Lead and coordinate incident response efforts, ensuring swift resolution of cybersecurity breaches. Establish and maintain post-incident reporting and root cause analysis processes.
- Assist the Head of IT in the planning of annual IT budgets and projects.
General (15%)
- Work closely with the infrastructure and network team to ensure maximum system stability and uptime.
- Any other duties, tasks and non-IT related events as assigned by the Head of Information Technology.