Security and Compliance Manager

The Role :

• Develop & Implement Frameworks: Create and enforce security governance, risk management, and compliance policies (e.g., ISO 27001, PDPA, SOC and GDPR).

• Risk Management: Perform risk assessments, maintain risk registers, and track remediation of identified gaps.

• Audits & Assessments: Conduct internal audits and support external assessments, providing documentation.

• Policy Enforcement: Ensure adherence to internal policies and external regulations across departments.

• Stakeholder Liaison: Work with IT, Legal, and business units to manage compliance and risk

• Data Subject Rights: manage inquiries, complaints, and requests from individuals regarding their personal data.

• Training & Awareness: create and manage a data protection culture through training and awareness program. Overseeing the development and execution of corporate security awareness and training programs

• Risk & DPIAs: Advise management on data risks, conduct Data Protection Impact Assessments (DPIAs) for new processes, and ensure appropriate safeguards.
Regulatory Liaison: Act as the main point of contact with the internal and external parties related to the above. And be able to respond to RFPs and TPAs appropriately.

• Data Governance: Establish policies for data retention, processing, and disposal. Be able to advice business teams on data privacy, protection and data access including categorization, labelling, masking PII across platforms is needed.

• Creating and maintaining the security strategy: This includes Prevention (Firewall, DLP and etc) ,Threat Detection and response (Incidence response). Reviewing the security roadmap, ensuring that the strategy is in line with the current cyber security landscape

• Security governance and reporting: to management including monitoring, managing, and responding to security incidents and threats, coordinating with the ENG and Other teams and partners like AWS to contain and recover from attacks.

• Security and compliance controls: hands-on experience implementing and managing all security controls like SSO, MFA, etc. in AWS environment and hands-on knowledge and experience with Linux administration from security and compliance perspective is must

Must have hands-on experience of managing ISO27001 audit and compliance for at least 2 times with latest version. Hands-on experience with conducting and maintaining SOC2 and PDPA/GDPR compliance is necessary. Be able create, manage and maintain all policy documents, SOPs, processes related to security governance. Must be a self-driven leader with focus on governance and compliance and be able to optimize control gaps and costs associated with security controls. Must be able to identify and apply appropriate controls and be able to justify the same with value to business. Must have excellent presentation skills and be able to tell a story to management for quick and easy understanding of the proposals and recommendations. Be able to budget and manage the budget for security and compliance. Have extensive knowledge and understanding of global security and compliance best practices