Information Security and Governance Senior Consultant

Job Title: Information Security and Governance Senior Consultant
Contract Type: Permanent
Location: Bangkok Province, Thailand
Salary: THB1440000.00 - THB1800000.00 per annum
Start Date: ASAP
Reference: JN -072019-442456
Contact Name: Tipmalee Suttipongkiat
Job Published: July 31, 2019 11:21

Job Description

One of the leading international insurance companies is recruiting a candidate with strong experience in security compliance with ISO27001 and PCI DSS for the position of Information Security and Governance Senior Consultant.

Job Responsibilities

  • Work closely across business channels to identify and assess security risks, gaps in the application of policies and standards, and weaknesses in processes, and take a lead role in managing them. This position will work closely with the wider team to deliver a number of group-wide security improvement initiatives.
  • Working with Company Regional Office Security and Company Global Security, this position will implement security policies, standards, procedures, and guidelines for the organization in compliance with ISO27001 and PCI DSS.
  • Provide consultation to local teams to ensure that locally implemented technology solutions meet the company security standards, government rules, and regulations.
  • Coordinate with technology and business groups to assess, implement, and monitor IT-related security risks/hazards.
  • Support regional audit, financial audit, and ITSP audit, and follow up on the remediation of findings.
  • Plan and coordinate Disaster Recovery testing.
  • Develop security policies, standards, procedures and guidelines in compliance with ISO 27001.
  • Implement security controls for the company to achieve ISO27001 certification.
  • Provide consultation to business units and the IT team to operate in compliance with ISO27001.
  • Develop security policies, standards, procedures and guidelines in compliance with the PCI DSS standard.
  • Develop a Cardholder Data Flow diagram
  • Provide consultation to business units and the IT team to minimize PCI DSS scope and operate in compliance with PCI DSS.
  • Implement security controls for the company in compliance with the PCI DSS standard.
  • Identify, report to management, monitor and mitigate risks in IT security and compliance.
  • Prepare monthly reports on risk analysis reviews, security compliance reviews,
  • Manage and conduct Information Risk Assessment (IRM) with relevant Business Units in compliance with IT Security Standard and best practice
  • Perform RCSA (Risk Control Self-Assessment) to identify risks, define mitigation activities, analyse, review, follow up on actions, and report to the CISO, CIO and Operation Risk.
  • Support and coordinate with business managers in the risk analysis process and track to ensure action items are completed

Qualifications:

  • Bachelor's degree in an IT-related field.
  • Minimum of 5 years' experience in information security management, information risk management, security tool implementation and/or IT Security Operations
  • CISSP, CISM, CISA, CRISC, GIAC and/or CEH certifications preferred
  • In-depth knowledge of security standards, such as ISO27001, PCI DSS, and experience in their implementation
  • Advanced knowledge of information risk management, business protection systems, and technology associated with information security
  • Computer literacy; good at using Microsoft Office and Microsoft Visio.
  • Good command of written and spoken English.
  • Good interpersonal skills - able to communicate effectively at various levels (from end users to executives).
  • Logical & systematic approach to problem-solving
  • Experience in Disaster Recovery Management, including backup and recovery processes

Argyll Scott Asia is acting as an Employment Agency in relation to this vacancy.