Skills:

Risk Management, ISO 27001, English

Job type:

Full-time

• Oversee the technology risk management practices of banking and digital asset subsidiaries to ensure they align with the parent company s standards and regulatory requirements.
• Establish a robust governance framework to monitor and control technology risks across all subsidiaries.
• Ensure regular and detailed reporting of technology risk management performance, including key metrics and risk indicators, to senior management and the board of direct ...
• Oversee the reporting of any technology-related incidents or anomalies, ensuring timely communication and resolution.
• Communicate and enforce technology risk management policies and standards across all subsidiaries, ensuring that all relevant stakeholders are aware of and adhere to these guidelines.
• Provide expert advice and support to subsidiaries on technology risk management issues, helping them to implement best practices and mitigate risks effectively.
• If you meet below qualifications and are ready to take on a challenging role, we encourage you to apply..
• Bachelor s degree or higher in Information Technology, Cybersecurity, Risk Management, or a related field.
• Relevant work experience at least 5 years of experience in technology risk management..
• Proficiency in identifying, evaluating, and mitigating technology risks.
• Knowledge of regulatory requirements and best practices in IT governance.
• Familiarity with risk management frameworks and tools, such as NIST, ISO 27001, and COBIT.
• Ability to effectively communicate risk-related information to stakeholders at all levels both Thai and English.
• Commitment to staying updated with the latest trends and developments in technology risk management.

Skills:

Continuous Integration, Legal, Procurement

Job type:

Full-time

• Support regular group assessments to evaluate security risks, security maturity and compliance gaps across SCBX Group.
• Policy, Procedures, Standards & Guidelines.
• Support the development, review, and update of security policies, procedures, standards, and guidelines to ensure robust organizational controls.
• Regularly update documentation to reflect the evolving threat landscape and regulatory requirements.
• Security Consultation.
• Lead conversation with senior leadership across SCBX Group and provide value-added insights to delivered outcome.
• Develop a comprehensive proposal and project plan that secures buy-in from senior stakeholders, while establishing an effective delivery approach for the working group to ensure successful project delivery and valued outcomes.
• Embrace creative problem-solving and flexible approaches to navigate challenges, ensuring that critical outcomes are consistently achieved while effectively managing obstacles.
• Provide expert guidance and recommendations to internal and external stakeholders on the best security practices and solutions to address operational and compliance issues.
• Recommend improvements for security governance and operational resilience.
• SDLC Security & DevSecOps Integration.
• Develop and implement security frameworks and best practices within the SDLC to minimize vulnerabilities.
• Collaborate with development, operations, and security teams to embed security controls and processes within continuous integration/continuous deployment (CI/CD) pipelines.
• Advise on the integration of automated security testing tools and manual assessments throughout development, staging, and production phases.
• Monitor and evaluate the effectiveness of security controls, adjusting strategies as required.
• Pentester Governance & Annual Panel Selection.
• Oversee and manage the overall pentesting program, including planning, scoping, and executing external and internal penetration tests.
• Develop and enforce governance policies for third-party penetration testing, ensuring compliance with internal and industry standards.
• Lead the annual selection process of the pentester panel by evaluating vendor capabilities, reviewing performance metrics, and coordinating panel evaluations.
• Collaborate with legal, procurement, and compliance teams to negotiate contracts and service level agreements (SLAs) with selected vendors.
• Application Security Testing.
• Define and maintain comprehensive application security testing strategies, including static and dynamic code analysis, vulnerability assessments, and risk management.
• Coordinate regular security assessments, penetration tests, and vulnerability remediation efforts.
• Analyze findings from testing activities and provide actionable recommendations to mitigate risks.
• Work with development teams to ensure security testing is integrated into agile and DevOps methodologies.
• Experience.
• Minimum of 7+ years in information security consultancy, with a proven track record in Application security, DevSecOps integration, Vulnerability Management, Penetration testing.
• Demonstrated expertise in developing and implementing security frameworks and policies that embed secure coding practices and automated security testing within complex, enterprise-level SDLC environments.
• Demonstrates a deep understanding of global security frameworks, including NIST, ISO 27001/27002, PCI-DSS, BOT and CIS Controls.
• Extensive experience in conducting large-scale security assessments, performance measurements, risk management, and security strategy development that align with organizational objectives.
• Relevant certifications such as CISSP, CISM, CRISC, OSCP, or equivalent are highly desirable..
• Key Competencies.
• Technical Proficiency In-depth knowledge of application security testing methodologies (SAST, DAST, IAST) and secure integration practices within CI/CD pipelines.
• Vendor Management & Governance Strong capability in managing third-party penetration testing programs, including the annual selection and governance of pentester panels to ensure high-quality assessments.
• Analytical Skills Exceptional ability to analyze complex security challenges across development and production environments and to devise effective mitigation strategies.
• Collaboration & Communication Proven track record of working with diverse teams and influencing decision-making at all organizational levels through clear, concise communication.
• Adaptability & Continuous Improvement Flexible and responsive in a fast-changing security landscape, with a commitment to continuous improvement and staying current with emerging trends and threats..
• Skills.
• Strategic thinking and risk management.
• Technical expertise in application security testing methodologies.
• Vendor management and contract negotiation.
• Strong problem-solving and analytical abilities.
• Excellent written and verbal communication skills.
• Why Join Us?.
• Innovative Environment, Work in a cutting-edge environment where your expertise drives impactful security solutions..
• Career Growth, Opportunities for professional development and advancement..
• Collaborative Culture, Join a team of dedicated professionals committed to maintaining a secure digital ecosystem..

Skills:

Continuous Integration, Legal, Procurement

Job type:

Full-time

• Support regular group assessments to evaluate security risks, security maturity and compliance gaps across SCBX Group.
• Policy, Procedures, Standards & Guidelines.
• Support the development, review, and update of security policies, procedures, standards, and guidelines to ensure robust organizational controls.
• Regularly update documentation to reflect the evolving threat landscape and regulatory requirements.
• Security Consultation.
• Lead conversation with senior leadership across SCBX Group and provide value-added insights to delivered outcome.
• Develop a comprehensive proposal and project plan that secures buy-in from senior stakeholders, while establishing an effective delivery approach for the working group to ensure successful project delivery and valued outcomes.
• Embrace creative problem-solving and flexible approaches to navigate challenges, ensuring that critical outcomes are consistently achieved while effectively managing obstacles.
• Provide expert guidance and recommendations to internal and external stakeholders on the best security practices and solutions to address operational and compliance issues.
• Recommend improvements for security governance and operational resilience.
• SDLC Security & DevSecOps Integration.
• Develop and implement security frameworks and best practices within the SDLC to minimize vulnerabilities.
• Collaborate with development, operations, and security teams to embed security controls and processes within continuous integration/continuous deployment (CI/CD) pipelines.
• Advise on the integration of automated security testing tools and manual assessments throughout development, staging, and production phases.
• Monitor and evaluate the effectiveness of security controls, adjusting strategies as required.
• Pentester Governance & Annual Panel Selection.
• Oversee and manage the overall pentesting program, including planning, scoping, and executing external and internal penetration tests.
• Develop and enforce governance policies for third-party penetration testing, ensuring compliance with internal and industry standards.
• Lead the annual selection process of the pentester panel by evaluating vendor capabilities, reviewing performance metrics, and coordinating panel evaluations.
• Collaborate with legal, procurement, and compliance teams to negotiate contracts and service level agreements (SLAs) with selected vendors.
• Application Security Testing.
• Define and maintain comprehensive application security testing strategies, including static and dynamic code analysis, vulnerability assessments, and risk management.
• Coordinate regular security assessments, penetration tests, and vulnerability remediation efforts.
• Analyze findings from testing activities and provide actionable recommendations to mitigate risks.
• Work with development teams to ensure security testing is integrated into agile and DevOps methodologies.
• Identity Architecture & Strategy.
• Define and implement enterprise-wide identity governance frameworks, access models, and role designs.
• Develop future-ready IAM architectures to support Zero Trust security, cloud adoption, and business scalability.
• Design identity lifecycle processes such as automated provisioning, de-provisioning, RBAC, and approval workflows.
• Align IAM practices with global standards (NIST, ISO 27001, CIS) and regulatory mandates (PCI-DSS, GDPR, BOT).
• Establish and maintain a comprehensive security governance framework with clear roles, responsibilities, and performance metrics.
• IAM Solution Delivery & Operations.
• Lead the design, deployment, and integration of solutions including SSO, MFA, PAM, and CIAM.
• Oversee directory services and federation platforms such as Active Directory, Azure AD, and cloud identity providers.
• Collaborate with implementation teams and vendors to configure and deploy IAM technologies that ensure security, scalability, and operational excellence.
• Minimum of 12+ years in information security consultancy, with a proven track record in Application security, DevSecOps integration, Vulnerability Management, Penetration testing and Digital Identity.
• Demonstrated expertise in developing and implementing security frameworks and policies that embed secure coding practices and automated security testing within complex, enterprise-level SDLC environments.
• Demonstrates a deep understanding of global security frameworks, including NIST, ISO 27001/27002, PCI-DSS, BOT and CIS Controls.
• Extensive experience in conducting large-scale security assessments, performance measurements, risk management, and security strategy development that align with organizational objectives.
• Relevant certifications such as CISSP, CISM, CRISC, OSCP, or equivalent are highly desirable.

Skills:

Procurement, Budgeting, Multitasking, English

Job type:

Full-time

• Follow up with internal and external teams to consolidate reports, dashboards, and templates, ensuring accuracy and timeliness..
• Assist in tracking and monitoring project progress and operational updates..
• Support in data compilation and report preparation for management review..
• Work closely with cross-functional teams to ensure alignment and consistency in reporting and follow-ups.
• Administrative & Secretarial Support.
• Provide secretarial duties, including managing correspondence and scheduling appointments. Organize meetings, including venue arrangements, scheduling and summarizing meeting minutes..
• Handle procurement processes, including invoice processing and budgeting. Coordinate with internal teams and external vendors for general service tasks..
• Manage expense tracking and ensure timely approvals and processing..
• If you meet the qualifications below and are ready to take on a dynamic role, we encourage you to apply..
• Bachelor s degree in Business Administration, Management, or a related field.
• At least 5 years experience as secretary, administrator, or coordinator.
• Strong organizational and multitasking skills with high attention to detail.
• Willing to learn new things.
• Good command of English both written.