Specialist, Security Governance Consultant

Job Summary:

We are seeking a highly motivated and experienced Security Governance Consultant to play a crucial role in establishing and maintaining a robust information security. The ideal candidate will be responsible for developing, implementing, and continuously improving policies, standards, processes, and security controls to safeguard the organization's information assets. This role requires a strong understanding of relevant international standards (e.g., ISO 27001, NIST-CSF and PCI-DSS), local regulations (PDPA, SEC and other applicable laws), and industry best practices.

Principal Accountabilities:

• Consultation: Provide professional cybersecurity consultation and implementation support to clients based on industry standards and frameworks (e.g., ISO/IEC 27001, NIST-CSF, PCI-DSS, PDPA) by conducting a gap assessments, risk assessments, and internal audits to identify control weaknesses and provide actionable recommendations to assist clients in preparing for certification audit.
• Framework Development & Implementation: Develop, implement, and maintain comprehensive information security policies, standards, procedures, and security controls aligned with ISO/IEC 27001, NIST-CSF, PCI DSS, PDPA, relevant regulations, and legal requirements. Support the internal governance, risk, and compliance (GRC) functions, ensuring the organization meets its cybersecurity and regulatory obligations.
• Risk Management & Assessment: Perform comprehensive Information Security risk management to identify, analyze, and evaluate potential threats and vulnerabilities as well as suggest an appropriate security measure to control the risk by creating a risk treatment plan.
• Policy development: Provide professional consultation on information security policies and procedure development to ensure adherence to standards, best practice and regulatory obligations.
• Auditing: Provide professional auditing services to clients based on industry standards and frameworks (e.g., SEC regulations, ISO/IEC 27001, NIST-CSF). Develop the audit plan, execute the audit session, and summarize the audit report.
• Security Awareness & Training: Develop and deliver engaging information security awareness programs for clients including, instructor-led training, phishing simulation and learning platform management.
• Cybersecurity exercise: Develop, facilitate and deliver the cyber security exercise to client (e.g., Tabletop exercise)
• Knowledge & Skill Advancement: Continuously update knowledge of emerging vulnerabilities, threats, security technologies, and evolving regulatory landscapes to ensure the organization's security posture remains current and effective.
• Collaboration & Communication: Effectively communicate security and governance requirements, risks, and recommendations to technical and non-technical stakeholders at various levels within the organization, including senior management.

Qualifications:

• Bachelor's degree in Computer Science, Computer Engineering, Information Technology, or a related field.
• Proven experience in information security governance and risk management, threat modeling, secure solution design, and/or penetration testing.
• Hold relevant professional certifications such as CISSP, CISM, CISA, CRISC, ISO/IEC 27001 Lead Implementer or Lead auditor are advantageous.
• In-depth knowledge of Thailand's information security and data privacy regulations (PDPA, Cybersecurity Act, SEC regulation) and relevant international security standards (ISO 27001, PCI- DSS, NIST-CSF) with demonstrable experience in their implementation and audit.
• Strong understanding and practical experience in information security governance frameworks, risk management methodologies, threat modeling techniques, and secure solution design principles.
• Exceptional interpersonal and communication skills with the ability to effectively interact and build relationships with individuals at all levels of the organization (from end-users to executives).
• Strong analytical, logical, and systematic approach to problem-solving, decision-making and documentation skills.
• Familiarity with security tools and technologies used for risk management.
• Good command on both English and Thai

Working Location: True Digital Park