IT Security GRC

Ngern Tid Lor Public Company Limited (Phaya Thai)
Phaya Thai
Bangkok, Thailand 🇹🇭
Ngern Tid Lor Public Company Limited (“TIDLOR”) is the leader in the fast-growing vehicle title loan market in Thailand. It is also a non-life and life insurance broker with the largest number of licensed branch staff in the country. With over 1,000 branches nationwide, the company is working to alleviate poverty in Thailand by providing fair, transparent, and convenient financial services. All Ngern Tid Lor’s operations are guided by the vision “Everything we do, we strive to empower people and enrich lives. We believe that access to fair, transparent, and responsible financial services is everyone’s right.” This is reflected through its range of products and services that create opportunities for the under-banked Thais who often lack access to formal financing. In 2020, Ngern Tid Lor received two awards, Dream Employer of the Year and Dream Company to Work For, from the Global Best Employer Brand Awards 2020. These awards reflect our commitment to creating a strong corporate culture and readiness for digital transformation to reduce financial inequality for customers and create sustainable opportunities for Thai society. For more details, please visit www.tidlor.com/th/tidlorstory.html

About this position

The IT Security GRC position involves analyzing IT projects, implementing security controls, and ensuring compliance with regulatory requirements while providing advisory on technology risks and security measures.

Responsibilities

• Analyze IT projects and provide advice on IT Security requirements; implement and maintain security controls.
• Implement security controls and a risk assessment framework and program that align with regulatory requirements, ensuring documented and sustainable compliance.
• Provide advisory on technology risks, security controls and Personal Data Privacy controls.
• Ensure that IT risk and IT control assessments review the appropriateness of relevant risk mitigation strategies and remedial actions, with follow-up and escalation.
• Analyze, design and manage the work process, and supervise process improvement in accordance with the IT Standards.
• Assess risk and compliance against security standards such as ISO27001, PCI DSS and NIST cybersecurity standards.
• Serve as security expert and control trainings when needed.
• Attend meetings with the change advisory board to determine IT Security needs.
• Develop and implement security policies, standards and procedures.

Requirements

• Bachelor's degree or higher in Computer Science or IT-related fields.
• Experience in IT Security, IT Risk Management, or IT Compliance.
• Knowledge of ISO27001, PDPA, compliance and regulations.
• Develop and enhance the information security management framework.
• Experience in risk management, security controls, and IT governance standards: ISO27001.
• Knowledge of the banking / financial and insurance business is an advantage.
• Good communication and interpersonal skills.