The Role

• Develop, implement and monitor strategic, comprehensive information security and IT risk management program.
• Mature the information security program to continually discover, reassess, and mitigate security risks as the business, product, regulatory, and customer landscape changes.
• Identify potential risks in code, architecture, and production systems by designing and implementing threat-mitigation options.
• Ownership over cloud infrastructure security, security operations and application security.
• Develop and drive security risk analysis, mitigation, and remediation plans. Plan for and lead security incident response and recovery efforts.
• Effectively communicate information security risks to stakeholders, ensuring informed decisions are being made.

Desired Skills and Experience

• Familiarity with relevant security and compliance frameworks, standards, and regulations (such as SOC2, NIST, COBIT, PCI, TRM, ISO270, etc).
• Knowledge and hands-on experience with:
• Network, cloud, web application, database, endpoint, and mobile security.
  • Threat analysis and management, including attack vector analysis.
  • Security testing and auditing (penetration testing, vulnerability scanning).
  • Security compliance regulations (MAS TRM).
  • Identity and access management.
  • Cyber incident management.
• Technical capability in scripting, automation, and configuration
• Familiarity with heterogeneous service environments and a good understanding of complex networked systems

The Requirements

• 8+ years of hands-on information security experience within a fast-growing start-up environment.
• Prior experience establishing, managing information security and customer data policies and standards in a growing company, preferably in the fintech or digital asset industry.
• Excellent written and verbal communications and presentation skills, including speaking persuasively to non-technical audiences.
• Relocation to Bangkok supported for the right candidate.