About the job Senior Information Security Specialist

Product Segment : Corporate

We are looking for an experienced Information Security Specialist who can operate independently and keep KKCompany's rapidly scaling business aligned with ISO/IEC 27001, ISO/IEC 27701, and other relevant security and privacy requirements. You will drive internal audits, policy development, and security-awareness initiatives while collaborating with colleagues across product, operations, and compliance to embed a security-first mindset as the company grows. If you want a role that blends strategic impact with hands-on ownership of security and privacy, you'll feel right at home here.


Responsibilities:

    • Lead internal audits against ISO 27000-series standards, track remediation, and manage external audit schedules and evidence.
    • Develop, update, and enforce information security and privacy policies, procedures, and records to meet regulatory and standard requirements.
    • Monitor developments in security and privacy regulations (e.g., PDPA) and advise on control adjustments.
    • Conduct annual risk assessments, maintain the risk register, and coordinate mitigation actions across teams.
    • Design and deliver security and privacy awareness training and campaigns to raise organization-wide security awareness.
    • Collaborate with engineering, cloud operations, legal, and external consultants to ensure controls remain effective and aligned with business needs.

Requirements:

    • ISO/IEC 27001:2022 Lead Auditor certification, or equivalent direct audit experience.

    • Minimum 2 years of experience in information security management or security audit roles, with proven experience leading ISO 27001 internal audits.

    • Practical skills in drafting and maintaining security and privacy policies and procedures aligned with recognized standards.

    • Familiarity with risk assessment methodologies and experience maintaining a risk register.

    • Ability to design and deliver security awareness materials or training sessions for non-technical audiences.

    • Comfortable reading English standards and regulations and producing concise written documents; basic spoken English for discussions when required.

    • Strong interpersonal and coordination skills to work with colleagues from different functions and with external advisors.

    • Familiarity with project or issue tracking tools such as GitLab or Jira, and basic project management practices.

Nice to Have:

    • Background in technology, software, or cloud service companies.
    • Additional certifications such as CEH, CISA, CISM, CIPM, or ISO/IEC 27701 Lead Auditor certification.
    • Excellent presentation, training, or cross-cultural collaboration experience.
    • Demonstrated proactivity and problem-solving skills, with the ability to influence multiple teams on security matters.