ประเภทงาน:

งานประจำ

• Develop and implement governance frameworks to align with Central Bank regulations and industry standards on Cloud Technology.
• Provide expertise in cloud engineering, including cloud technical skills and configuration (e.g., AWS, Azure, Google Cloud) to optimize performance, security, and cost-effectiveness.
• Collaborate with internal and external stakeholders to create, apply and maintain governance documentation, such as policies, procedures, guidelines and procedures rela ...
• Serve as a member of the Change Advisory Board (CAB) to review and approve changes to our cloud infrastructure and services.
• Conduct regular assessments and audits to ensure compliance with Central Bank regulations, cybersecurity policies, and risk management practices.
• Utilize ITIL processes to streamline such as service delivery, incident management, continuous improvement initiatives and others.
• Mentor and train internal and external stakeholders on technical governance best practices and emerging technologies..
• Minimum 5-7 years of experience in a technical governance role within a regulated international industry or with exposure to Central Bank regulations.
• Expertise in cloud engineering transformation with proficiency in cloud technical skills and configuration (e.g., AWS, Azure, Google Cloud).
• Good communication, presentation, and inter-personal skills with fluent in Thai and English languages.
• Experience as a member of the Change Advisory Board (CAB) and familiarity with technical change management.
• Knowledge of compliance, cybersecurity, and risk management principles, particularly in a fintech or banking environment.
• Familiarity with ITIL framework and its application in IT service management.
• Willingness to participate in technological innovation, keep learning and improving while working in an interdisciplinary field.
• Punctuality on assignment delivery with accountability.
• Preferred Qualifications.
• Experience in a fintech or banking environmen.
• Proven track record of developing and implementing technical governance frameworks and best practices.
• Ability to implement projects in a hand-on & end-to-end manner.
• Ability to see both big pictures and be detail-oriented at the same time.
• ITIL certificate.

ประเภทงาน:

งานประจำ

• Design and develop responsive web applications that meet the client's requirements and specifications.
• Collaborate with frontend developers and platform team to create robust backend services and integration interfaces.
• Write clean, efficient, and maintainable code using java, nodejs, python or similar programming languages.
• Write Unit Tests using JUnit or similar testing library.
• Optimize web applications for maximum speed and performance.
• Implement security best practices to protect against common web vulnerabilities.
• Collaborate with front-end developers to integrate with server-side logic.
• Perform code reviews, debugging, and troubleshooting to ensure the quality of code.
• Stay updated on the latest development trends and technologies..
• Minimum of 2 years experience as a full stack developer.
• Programming Proficiency - Ability to be hands-on coding in modern languages (e.g. Java, Typescript/Javascript) strong familiarity with modern application frameworks (e.g. Spring Boot, Node.js, ReactJS). Frontend components using the ReactJS Framework( Typescript, Redux and JavaScript ES6+).
• Design & Architecture - Practical capabilities in product requirements elicitation, logical architecture design, domain modelling and API design.
• Distributed Application Knowledge - Understanding of distributed application architectures using microservices.
• Project Lifecycle - Experience covering the entire project lifecycle from inception to operations.
• Team Dynamics - Results-driven mindset, strong collaborative interpersonal skills and a positive attitude.
• Cloud & DevOps - Experience with Cloud architecture, preferably Azure, and knowledge of how to implement DevOps and SRE.
• Agile Methodologies - Deep knowledge of agile delivery and frameworks such as SAFE.
• Technology Ecosystem - Familiarity of the cloud product technology ecosystem and integrations on multiple CSPs (e.g. Azure, Huawei, AWS and GCP).
• Professional Experience - Experience in this role in both technology consulting and product organizations.

ทักษะ:

Risk Management, ISO 27001, English

ประเภทงาน:

งานประจำ

• Oversee the technology risk management practices of banking and digital asset subsidiaries to ensure they align with the parent company s standards and regulatory requirements.
• Establish a robust governance framework to monitor and control technology risks across all subsidiaries.
• Ensure regular and detailed reporting of technology risk management performance, including key metrics and risk indicators, to senior management and the board of direct ...
• Oversee the reporting of any technology-related incidents or anomalies, ensuring timely communication and resolution.
• Communicate and enforce technology risk management policies and standards across all subsidiaries, ensuring that all relevant stakeholders are aware of and adhere to these guidelines.
• Provide expert advice and support to subsidiaries on technology risk management issues, helping them to implement best practices and mitigate risks effectively.
• If you meet below qualifications and are ready to take on a challenging role, we encourage you to apply..
• Bachelor s degree or higher in Information Technology, Cybersecurity, Risk Management, or a related field.
• Relevant work experience at least 5 years of experience in technology risk management..
• Proficiency in identifying, evaluating, and mitigating technology risks.
• Knowledge of regulatory requirements and best practices in IT governance.
• Familiarity with risk management frameworks and tools, such as NIST, ISO 27001, and COBIT.
• Ability to effectively communicate risk-related information to stakeholders at all levels both Thai and English.
• Commitment to staying updated with the latest trends and developments in technology risk management.

ทักษะ:

Continuous Integration, Legal, Procurement

ประเภทงาน:

งานประจำ

• Support regular group assessments to evaluate security risks, security maturity and compliance gaps across SCBX Group.
• Policy, Procedures, Standards & Guidelines.
• Support the development, review, and update of security policies, procedures, standards, and guidelines to ensure robust organizational controls.
• Regularly update documentation to reflect the evolving threat landscape and regulatory requirements.
• Security Consultation.
• Lead conversation with senior leadership across SCBX Group and provide value-added insights to delivered outcome.
• Develop a comprehensive proposal and project plan that secures buy-in from senior stakeholders, while establishing an effective delivery approach for the working group to ensure successful project delivery and valued outcomes.
• Embrace creative problem-solving and flexible approaches to navigate challenges, ensuring that critical outcomes are consistently achieved while effectively managing obstacles.
• Provide expert guidance and recommendations to internal and external stakeholders on the best security practices and solutions to address operational and compliance issues.
• Recommend improvements for security governance and operational resilience.
• SDLC Security & DevSecOps Integration.
• Develop and implement security frameworks and best practices within the SDLC to minimize vulnerabilities.
• Collaborate with development, operations, and security teams to embed security controls and processes within continuous integration/continuous deployment (CI/CD) pipelines.
• Advise on the integration of automated security testing tools and manual assessments throughout development, staging, and production phases.
• Monitor and evaluate the effectiveness of security controls, adjusting strategies as required.
• Pentester Governance & Annual Panel Selection.
• Oversee and manage the overall pentesting program, including planning, scoping, and executing external and internal penetration tests.
• Develop and enforce governance policies for third-party penetration testing, ensuring compliance with internal and industry standards.
• Lead the annual selection process of the pentester panel by evaluating vendor capabilities, reviewing performance metrics, and coordinating panel evaluations.
• Collaborate with legal, procurement, and compliance teams to negotiate contracts and service level agreements (SLAs) with selected vendors.
• Application Security Testing.
• Define and maintain comprehensive application security testing strategies, including static and dynamic code analysis, vulnerability assessments, and risk management.
• Coordinate regular security assessments, penetration tests, and vulnerability remediation efforts.
• Analyze findings from testing activities and provide actionable recommendations to mitigate risks.
• Work with development teams to ensure security testing is integrated into agile and DevOps methodologies.
• Experience.
• Minimum of 7+ years in information security consultancy, with a proven track record in Application security, DevSecOps integration, Vulnerability Management, Penetration testing.
• Demonstrated expertise in developing and implementing security frameworks and policies that embed secure coding practices and automated security testing within complex, enterprise-level SDLC environments.
• Demonstrates a deep understanding of global security frameworks, including NIST, ISO 27001/27002, PCI-DSS, BOT and CIS Controls.
• Extensive experience in conducting large-scale security assessments, performance measurements, risk management, and security strategy development that align with organizational objectives.
• Relevant certifications such as CISSP, CISM, CRISC, OSCP, or equivalent are highly desirable..
• Key Competencies.
• Technical Proficiency In-depth knowledge of application security testing methodologies (SAST, DAST, IAST) and secure integration practices within CI/CD pipelines.
• Vendor Management & Governance Strong capability in managing third-party penetration testing programs, including the annual selection and governance of pentester panels to ensure high-quality assessments.
• Analytical Skills Exceptional ability to analyze complex security challenges across development and production environments and to devise effective mitigation strategies.
• Collaboration & Communication Proven track record of working with diverse teams and influencing decision-making at all organizational levels through clear, concise communication.
• Adaptability & Continuous Improvement Flexible and responsive in a fast-changing security landscape, with a commitment to continuous improvement and staying current with emerging trends and threats..
• Skills.
• Strategic thinking and risk management.
• Technical expertise in application security testing methodologies.
• Vendor management and contract negotiation.
• Strong problem-solving and analytical abilities.
• Excellent written and verbal communication skills.
• Why Join Us?.
• Innovative Environment, Work in a cutting-edge environment where your expertise drives impactful security solutions..
• Career Growth, Opportunities for professional development and advancement..
• Collaborative Culture, Join a team of dedicated professionals committed to maintaining a secure digital ecosystem..

ทักษะ:

Continuous Integration, Legal, Procurement

ประเภทงาน:

งานประจำ

• Support regular group assessments to evaluate security risks, security maturity and compliance gaps across SCBX Group.
• Policy, Procedures, Standards & Guidelines.
• Support the development, review, and update of security policies, procedures, standards, and guidelines to ensure robust organizational controls.
• Regularly update documentation to reflect the evolving threat landscape and regulatory requirements.
• Security Consultation.
• Lead conversation with senior leadership across SCBX Group and provide value-added insights to delivered outcome.
• Develop a comprehensive proposal and project plan that secures buy-in from senior stakeholders, while establishing an effective delivery approach for the working group to ensure successful project delivery and valued outcomes.
• Embrace creative problem-solving and flexible approaches to navigate challenges, ensuring that critical outcomes are consistently achieved while effectively managing obstacles.
• Provide expert guidance and recommendations to internal and external stakeholders on the best security practices and solutions to address operational and compliance issues.
• Recommend improvements for security governance and operational resilience.
• SDLC Security & DevSecOps Integration.
• Develop and implement security frameworks and best practices within the SDLC to minimize vulnerabilities.
• Collaborate with development, operations, and security teams to embed security controls and processes within continuous integration/continuous deployment (CI/CD) pipelines.
• Advise on the integration of automated security testing tools and manual assessments throughout development, staging, and production phases.
• Monitor and evaluate the effectiveness of security controls, adjusting strategies as required.
• Pentester Governance & Annual Panel Selection.
• Oversee and manage the overall pentesting program, including planning, scoping, and executing external and internal penetration tests.
• Develop and enforce governance policies for third-party penetration testing, ensuring compliance with internal and industry standards.
• Lead the annual selection process of the pentester panel by evaluating vendor capabilities, reviewing performance metrics, and coordinating panel evaluations.
• Collaborate with legal, procurement, and compliance teams to negotiate contracts and service level agreements (SLAs) with selected vendors.
• Application Security Testing.
• Define and maintain comprehensive application security testing strategies, including static and dynamic code analysis, vulnerability assessments, and risk management.
• Coordinate regular security assessments, penetration tests, and vulnerability remediation efforts.
• Analyze findings from testing activities and provide actionable recommendations to mitigate risks.
• Work with development teams to ensure security testing is integrated into agile and DevOps methodologies.
• Identity Architecture & Strategy.
• Define and implement enterprise-wide identity governance frameworks, access models, and role designs.
• Develop future-ready IAM architectures to support Zero Trust security, cloud adoption, and business scalability.
• Design identity lifecycle processes such as automated provisioning, de-provisioning, RBAC, and approval workflows.
• Align IAM practices with global standards (NIST, ISO 27001, CIS) and regulatory mandates (PCI-DSS, GDPR, BOT).
• Establish and maintain a comprehensive security governance framework with clear roles, responsibilities, and performance metrics.
• IAM Solution Delivery & Operations.
• Lead the design, deployment, and integration of solutions including SSO, MFA, PAM, and CIAM.
• Oversee directory services and federation platforms such as Active Directory, Azure AD, and cloud identity providers.
• Collaborate with implementation teams and vendors to configure and deploy IAM technologies that ensure security, scalability, and operational excellence.
• Minimum of 12+ years in information security consultancy, with a proven track record in Application security, DevSecOps integration, Vulnerability Management, Penetration testing and Digital Identity.
• Demonstrated expertise in developing and implementing security frameworks and policies that embed secure coding practices and automated security testing within complex, enterprise-level SDLC environments.
• Demonstrates a deep understanding of global security frameworks, including NIST, ISO 27001/27002, PCI-DSS, BOT and CIS Controls.
• Extensive experience in conducting large-scale security assessments, performance measurements, risk management, and security strategy development that align with organizational objectives.
• Relevant certifications such as CISSP, CISM, CRISC, OSCP, or equivalent are highly desirable.