Cro- Information and Security Risk

1 day ago


Thailand ธนาคารทหารไทย จำกัด (มหาชน) Full time

**Responsibilities**:

- Participate in the Risk and Control Self-Assessment (RCSA) and Control Framework (CF) development and review workshops / processes to provide updates on Information Risk Policy, related minimum standards, views on IT / cyber risks and information system controls, and challenge the first line-of-defence functions on risks and key remediation controls during the RCSA and/or CF revisit workshops
- Monitor the new and/or updated IT / cybersecurity laws, regulations, and international standards and review the existing Information Risk Policy, and related minimum standards to identify gaps and propose the required action plans
- Work with team members to review and update Information Risk Policy and related minimum standards according to the defined periodic review cycle to ensure compliance with laws, regulations and in line with international standards or frameworks
- Review and update the contents on e-learning platform for the annual cyber risk awareness training delivery to all staff and concerned parties
- Provide supports to the subordinate specialist team members for the execution of Annual Key Control Testing (KCT) - Quality Assurance (QA) Plan, and review the quality of works done by the subordinate team members as part of KCT QA plan execution
- Coordinate with all relevant parties for IT Non-Financial Risk Committee (IT NFRC) quarterly meeting readiness preparation
- Attend the meetings and provide consult and/or views on IT risk / cyber risk and information system controls to the business units that are product / service owner in the initiative / strategic projects.
- Be the coordinator and provide supports to the Compliance and Internal Audit functions in the annual self-assessment programs and/or IT audits.
- Be the coordinator and provide supports to the regulators e.g., in the Annual IT Examination visit by Bank of Thailand (BOT) and to the external auditors in the independent review
- Participate the annual Business Continuity and/or IT Disaster Recovery plans exercises
- Manage special assignments (if any)

**Qualifications**:

- Master or bachelor’s degree in computer related or equivalent fields
- 8-10 years of professional experienced in Information Security related fields
- 5-10 years of working experienced in banking or financial service industry
- Knowledge and skills in the areas of IT governance, IT / cyber risk, and information systems control
- Knowledge and skills in the areas of system development life cycle,
- Good knowledge and understanding in IT and/or Cybersecurity related laws and regulations such as BOT’s IT Risk Management Implementation, BOT’s Cyber Resilience Assessment Framework (CRAF), Computer Crime Act, Personal Data Protection Act (PDPA), etc.
- Good knowledge and understanding in international standards such as NIST 800-53, ISO 27000 series, ISO 22301, PCI DSS, COBIT, ITIL, etc.
- Certified Information Security Manager (CISM), Certified in Risk and Information System Control (CRISC), Certified Information Systems Auditor (CISA) or Certified Information System Security Professional (CISSP) is an advantage
- Good English communication skills are required
- Good consulting skills
- Good managerial skills, can work under pressure or manage multiple assignments simultaneously to provide deliverables on tim

**Location : Jatuchak (Head Office)**

**For more information**:



  • Thailand KPMG-Thailand Full time

    Our IT Audit professionals advise our clients how to manage IT-related risks to balance the opportunities and threats arising from the use of technology and provide assurance over their IT controls. Literate in the technologies deployed by our clients and with deep industry experience, our professionals provide practical recommendations that cut through...


  • Thailand CIMB Group Full time

    **Responsibilities**: - Implementation the ORM framework and IT Risk Management Policy & Procedure to effectively manage technology related risks, enhance technology resiliency and mitigate risks against technology security threats across CIMBT. - Champion, socialize and embed the progressive development, definition and role of enterprise-wide Technology...

  • Head, Operational Risk

    2 months ago


    Thailand CIMB Group Full time

    **Responsibilities**: - Provide leadership for the implementation of and compliance with the ORM framework and IT Risk Management Policy & Procedure to effectively manage technology related risks, enhance technology resiliency and mitigate risks against technology security threats across CIMBT. - Champion, socialize and embed the progressive development,...

  • Manager, Operational Risk

    59 minutes ago


    Thailand CIMB Group Full time

    **Responsibilities**: - Implementation the ORM framework and IT Risk Management Policy & Procedure to effectively manage technology related risks, enhance technology resiliency and mitigate risks against technology security threats across CIMBT. - Champion, socialize and embed the progressive development, definition and role of enterprise-wide Technology...


  • Thailand KPMG-Thailand Full time

    Our IT Audit professionals advise our clients how to manage IT-related risks to balance the opportunities and threats arising from the use of technology and provide assurance over their IT controls. Literate in the technologies deployed by our clients and with deep industry experience, our professionals provide practical recommendations that cut through...


  • Thailand Argyll Scott Full time

    **Main responsibilities**: - **Planning, organizing and carrying out information security management, IT security design & implementation, IT security **assessment assignments and Cyber Simulation exercise as assigned. - Develop excellent professional oral and written communication skills in order to establish working relationships with client personnel. -...


  • Thailand KPMG-Thailand Full time

    Public and private organizations in various sectors worldwide now openly acknowledge that cyber-attacks are one of the most prevalent and high impact risks they face. Dealing with cyber threats is a complex challenge. KPMG professionals recognize that cyber security is about risk management - not risk elimination. We are looking for consultants to join our...


  • Thailand KPMG-Thailand Full time

    Public and private organizations in various sectors worldwide now openly acknowledge that cyber-attacks are one of the most prevalent and high impact risks they face. Dealing with cyber threats is a complex challenge. KPMG professionals recognize that cyber security is about risk management - not risk elimination. We are looking for experienced consultants...


  • Thailand KPMG-Thailand Full time

    An effective, well-managed IT system is one of the most valuable business advantages an organization can secure. The right technology, implemented properly, appropriately managed and monitored, can lead to significant gains in growth and efficiency. It is essential to get sound business advice to ensure technology risks are managed. IT is challenging to get...

  • Senior Associate

    2 weeks ago


    Thailand KPMG-Thailand Full time

    Public and private organizations in various sectors worldwide now openly acknowledge that cyber-attacks are one of the most prevalent and high impact risks they face. Dealing with cyber threats is a complex challenge. KPMG professionals recognize that cyber security is about risk management - not risk elimination. We are looking for consultants to join our...

  • Technology Consulting

    7 months ago


    Thailand NodeFlair Full time

    **Job Summary**: **Job Type** Permanent **Seniority** Manager **Years of Experience** At least 7 years **Tech Stacks** Strategy play - EY is committed to doing its part in building a better working world. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop...

  • Technology Consulting

    7 months ago


    Thailand NodeFlair Full time

    **Job Summary**: **Job Type** Permanent **Seniority** Senior **Years of Experience** At least 2 years **Tech Stacks** Strategy play - EY is committed to doing its part in building a better working world. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop...


  • Thailand Save the Children Full time

    **The Opportunity The Safety, Security and Access Manager will ensure great coordination between Save the Children Thailand Foundation programs, ASRO entity and implement Save the Children’s Safety and Security Policy and Standards within the ASRO and related bodies in Thailand, will help drive systemic change in the quality of safety and security...

  • Risk Manager

    7 months ago


    Thailand Thakral One Full time

    End-to-end coordination and oversight of all authorisation and fraud payment success optimisation themed recommendations shared with the issuer as part of the diagnostic and assessment phases **Key Requirements**: Adept domain expert in card authorisations and fraud risk management process operating in a bank’s credit card environment with familiarity to...

  • Risk Analyst

    56 minutes ago


    Thailand Bitfinex Full time

    Founded in 2012, Bitfinex is a digital asset trading platform offering state-of-the-art services for crypto traders and global liquidity providers. We are one of the oldest exchanges and a top 10 player by volumes, with a solid customer base of both institutional and retail customers. We list almost 200 different tokens and also more than 60 perpetual...


  • Thailand HSBC Full time

    -Job description **SVP Enterprise Risk Management and Data Privacy Officer** **Risk Department** **GCB4** *** **Some careers** **grow faster than others.** If you’re looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new...

  • Security (Avp)

    1 day ago


    Thailand Talentvis Full time

    Requirements:6-7 years of experience in computer security systems network computer information systems management at the management level - Educational qualifications: Bachelor's degree/Master's degree, B.Eng./Bachelor of Science in computer, information technology, electricity, telecommunication or related fields. - Have Certification in Cyber Sec such as...

  • Security Manager

    1 day ago


    Thailand Talentvis Full time

    Requirements:More than 5 years experience in computer security system network computer information systems management at the management level - Educational qualifications: Bachelor's degree/Master's degree, B.Eng./Bachelor of Science in computer, information technology, electricity, telecommunication or related fields. - Have Certification in Cyber Sec such...

  • Security Manager

    2 months ago


    Thailand Lazada Full time

    Location: **Thailand** - Department: Supply Chain & Logistics- Location: Thailand- 1. Responsible for security management in Suksawas Sortation Center, ensuring the safety of company assets and personnel. 2. Develop and implement comprehensive security policies and procedures in compliance with laws and regulations and Alibaba International's security...


  • Thailand KPMG-Thailand Full time

    Public and private organizations in various sectors worldwide now openly acknowledge that cyber-attacks are one of the most prevalent and high impact risks they face. Dealing with cyber threats is a complex challenge. KPMG professionals recognize that cyber security is about risk management - not risk elimination. We are looking for consultants to join our...