IT Security & Compliance Officer
Southeast Insurance Public Company Limited
Main duties & responsibilities:
- Determine and maintain an inventory of all regulatory, commercial and organizational technology compliance requirements.
- Facilitate the creation and modification of all technology compliance policies.
- Work with Legal and Customers/Prospects on issues relating to Information Security as part of contractual negotiations or Customer security reviews and assessments.
- Work with IT management to develop, enhance and implement further IT policies and procedures where necessary.
- Create an IT compliance risk assessment framework and periodically assess the regulatory, commercial and organizational, inherent and residual IT compliance risks.
- Identify the associated IT compliance control gaps and oversee the documentation, implementation and testing of the entire IT compliance control portfolio.
- Develop and direct IT compliance control monitoring programs to ensure IT compliance-related risks are managed to the appropriate level of acceptable residual risk.
- Implement and maintain an IT compliance issue management tracking and resolution process that will address known issues, according to severity and potential impact to the organization.
- Report the levels of IT compliance risk and control effectiveness to key stakeholders such as CTO, legal management, regulators, internal/external auditors, etc.
- Coordinate audit-related tasks such as ensuring the readiness of IT managers and their organizations for audit testing and facilitating the timely resolution of any audit findings.
- Provide technological advice and insight on compliance requirements to non-IT leaders such as the general counsel and COO.
- Assist business and IT managers with the acquisition of tools and expertise to assist with IT compliance-related projects and initiatives.
- Responsibility for audit planning, delivery and reviews. Work closely with business units to monitor and review internal policies and procedures to ensure compliance with policies and standards.
- Working with various internal departments to conduct audits and respond to external validation and RFP requests.
Required skills and experience:
- Solid understanding of ISO 27001/27002 and Safe Harbour standards and methodology, IT Governance, Information Security risks and controls, and IT Infrastructure. SSAE16/PCI/COBIT experience would be advantageous.
- A minimum of 5 years of IT experience, with 5 years in an information security role.
- A strong understanding of the business impact of security tools, technologies and policies.
- Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organization, management and business personnel; in-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls; an excellent understanding of information security concepts, protocols, industry best practices and strategies.
- Experience working with legal, audit and compliance staff. Experience developing and maintaining policies, procedures, standards and guidelines.
- Experience with common information security management frameworks, such as the International Organization for Standardization (ISO) 2700x series, the IT Infrastructure Library (ITIL) and the Control Objectives for Information and Related Technology (COBIT) framework.
- Strong project management skills and experience in creating and managing project plans, including budgeting and resource allocation.
- Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
- Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
- Strong analytical skills to analyze security requirements and relate them to appropriate security controls. An understanding of operating system internals and network protocols. Experience in application technology security testing. Experience in system technology security testing (vulnerability scanning and penetration testing).
- Strong leadership skills and ability to work effectively with business managers, IT R&D and IT Operations staff.
- Understanding of all aspects of ITGC coupled with a broad range of IT skills and practices, including:
- Data Centre Environments
- Security and Firewalls (IPS/IDS)
- Digital Forensics/E-Discovery
- Business Continuity and Disaster Recovery
Southeast Insurance and Finance Group.
315 Southeast Bldg., G-9 Fl., Silom Rd., Silom, Bangrak, Bangkok 10500
Tel. +66(0) 2 631-1311 Ext 5304, Fax. +66(0) 2 631-2588
Southeast Insurance Public Company Limited
Established on July 9, 1946, Southeast Group became renowned as the "University of Insurance", consisting of a number of insurance experts, with the aim of promoting and educating Thai people to understand the necessity of insurance coverage. Moreover, we have always adhered to integrity and ethical business practices. This gave rise to another popular name for the company, the "Insurance Gentleman", widely known as being honest and sincere to our customers.