Business Security Manager

**OVERVIEW**:

- **Location**:Don Mueang, Bangkok
- **Department**:Group Cybersecurity
- **Entity**:Thai AirAsia
- **Status**: Full-time

**Y**OUR ROLE AS A BUSINESS SECURITY MANAGER**

This role serves as a key advisor on Information Security requirements across Capital A. You will ensure technical teams implement and maintain compliance with global standards (ISO 27001, PCI DSS, NIST CSF) while identifying risks and managing control deficiencies. Additionally, you will act as the primary lead for incident response and security issue remediation. You will report to the Group CISO.

**WHAT YOU’LL CHAMPION**:
**_ Stakeholder Collaboration and Management_**
- Acts as the primary cybersecurity leader across the business for Thailand, aligning enterprise cybersecurity strategy and roadmap with business objectives.
- Drive and prioritise implementation and integration/adoption of security capabilities within the BU, including embedding security into business digital projects and operations.
- Ensure the business-specific threat landscape, risks, and regulatory drivers are clearly articulated to the CISO teams and validate cyber architecture decisions that meet the business’s operational and compliance needs.
- Provide Strategic Threat Briefings to Business Leadership.

**_ Cyber Governance Risk Compliance(In-Country)_**
- Drives Cyber Risk acceptance, risk mitigation, finding management processes, and risk reporting consistently to ensure Cyber Risks are managed and residual risks understood by the leadership.
- Represent cybersecurity in external audits, customer security reviews, and regulatory submissions.
- Actively involved and drive preparations in Business Continuity and Disaster Recovery drills for critical business processes and crown jewels.
- Work with the in-country Data Protection Officer(s) of AirAsia Aviation on data security requirements.

**_ Cyber Defense (In-Country)_**
- Coordinate business communication, impact analysis, business post-incident review, and remediation with the business teams and in compliance with local regulations.

**_ Change Management_**
- Champion Cyber Security Change program activities to drive awareness, behaviors among the business unit, and increase the Cyber Resilience
- Drive implementation and integration/adoption of security capabilities and change management to ensure business alignment and effectiveness.
- Business-level security KPIs/KRIs (e.g., patch compliance, phishing click rates, third-party risk ratings) dashboards, reports to business leaders, and the enterprise CISO.

**WHO YOU ARE**:

- Bachelor's Degree in Information Technology, or Business with IT, Computer Science, or equivalent.
- Minimum 6 years of experience in managing Information Security Operations/Governance, Risk Management, and Compliance, or related fields.
- Relevant industry certifications are an advantage (e.g., ISO 27001, CISA, CISSP, CGEIT, etc.)
- Working knowledge of local information and cybersecurity-related regulations and requirements is a MUST.
- Ability to develop, review, and maintain documentation on time.
- Excellent English communication and interpersonal skills, with a proven ability to resolve conflicts and build strong, lasting rapport with diverse stakeholders.
- Proven ability in building partnerships across local, regional, and cross-functional teams to align security goals with business objectives.
- A detail-oriented self-starter with strong analytical skills and a result-oriented mindset, capable of multitasking and adapting quickly to shifting priorities in a fast-paced environment.

**WHERE YOU’LL GO**:
Dispatcher to captain, ramp agent to data analyst, brand executive to CEO - these are some Dare To Dream stories of our Allstars.

This role serves as a strategic bridge between local operations and regional leadership, providing a clear trajectory toward a career in Security Leadership. You will evolve from a compliance specialist into a high-visibility advisor to the C-suite and Board. By mastering the complexity of a regional matrix environment and leading high-pressure incident responses, you will build the multifaceted expertise required to become a Regional CISO or Head of Business Security.

**WHAT YOU’LL ENJOY**:

- Physical Wellbeing: Key medical and insurance benefits, maternity expenses, flexible work arrangements, and health and fitness amenities.
- Emotional Wellbeing: Paid time off, wellness programmes, and childcare amenities.
- Financial Wellbeing: Resources relating to financial, personal skills and career growth programmes.
- Allstars Specials: Free flights, unlimited discounted flights, and exclusive discounts with partners.
- A unique Allstar culture like no other

**OUR HIRING PROCESS**:

- Application Review and Skills Match
- Assessment
- Interviews (x3)
- Background Verification
- Offer Process

**GET TO KNOW AIRASIA**:
AirAsia has been the World's Best Low-Cost Airline for 14 consecutive years with over 800 million guests flown. We con