Senior Security Risk and Compliance Specialist

Central Retail (Bangkok City, Thailand)
Bangkok, Thailand 🇹🇭
Central Retail Corporation Public Company Limited (“the Company” or “Central Retail”) is the leading multi-format and multi-category retailing platform in Thailand. Central Retail is also growing internationally, securing leadership status in Italy, and becoming one of the leaders in Vietnam.

About this position

We are seeking a highly skilled and experienced Senior Security Risk and Compliance Specialist to join our CISO Office at Central Group. The ideal candidate will play a crucial role in developing and implementing our enterprise governance and risk management strategies, ensuring compliance with relevant security standards, and providing expert security consultation across our organization.

Responsibilities

Key Responsibilities:
• Conduct comprehensive security risk assessments across the organization
• Develop and implement robust risk management frameworks aligned with industry best practices
• Identify and evaluate potential security threats and vulnerabilities
• Propose and implement risk mitigation strategies
• Monitor and report on the effectiveness of risk management measures
• Ensure compliance with security standards such as ISO27001, PCI DSS, ND1643, and NIST cybersecurity frameworks
• Perform regular compliance reviews and audits
• Develop and maintain compliance policies and procedures
• Coordinate with various departments to ensure organization-wide compliance
• Stay updated on changes in regulatory requirements and update internal processes accordingly
• Design and implement comprehensive compliance check programs
• Conduct periodic compliance assessments and create action plans for addressing gaps
• Design and drive security standards and programs across the organization
• Implement and manage Governance, Risk, and Compliance (GRC) tools and processes
• Develop security controls and programs that align with regulatory requirements and business objectives
• Create and maintain reporting metrics, dashboards, and evidence artifacts for both risk and compliance
• Document and report control failures, risks, and compliance gaps to stakeholders
• Provide remediation guidance and prepare management reports to track risk mitigation and compliance activities
• Present GRC areas to management, including detailed reports on risk posture, compliance status, and security initiatives
• Develop and deliver executive-level presentations on security and compliance matters
• Train and guide other staff on risk assessment and compliance functions
• Act as a technical resource for security risk management and regulatory compliance
• Assist in the management and oversight of security program functions
• Develop and implement comprehensive training programs for both technical staff and general employees
• Create and maintain e-learning modules on security awareness and compliance topics
• Plan and conduct regular cybersecurity drills to test organizational readiness
• Design and execute phishing simulation programs to assess and improve staff awareness
• Provide expert security consultation for new and ongoing projects across the organization
• Conduct security reviews and risk assessments for proposed projects and initiatives
• Offer guidance on implementing appropriate security controls and measures
• Collaborate with project teams to ensure security is integrated from the early stages of development

Requirements

• Proven experience in security risk management and compliance
• Strong knowledge of security standards and frameworks such as ISO27001, PCI DSS, ND1643, and NIST
• Excellent analytical and problem-solving skills
• Strong communication and presentation skills
• Ability to work collaboratively across departments
• Experience in developing and delivering training programs
• Familiarity with Governance, Risk, and Compliance (GRC) tools and processes
• Relevant certifications in security risk management or compliance (e.g., CISSP, CISM, CRISC) are a plus