Skills:

Automation, TypeScript, Javascript

Job type:

Full-time

• Architectural Excellence -Engage in deep architecture reviews and technology assessments to drive continuous improvement and innovation.
• Stakeholder Collaboration - Collaborate with multiple stakeholders to understand their requirements and support them on their cloud adoption and migration journey.
• Technical Excellence- Translate developer needs into technical requirements and optimize cloud architectures for high availability, scalability, and performance.
• Development Leadership- Lead a dedicated development team in designing, developing, and delivering cutting-edge business automation capabilities for our Cloud Centre of Excellence.
• Cloud Infrastructure Mastery- Design and implement scalable, secure, and cost-effective cloud infrastructure solutions using major cloud providers such as Azure and Huawei, tailored to project requirements.
• Technical Guidance- Provide valuable technical guidance and support to foster a collaborative and innovative work environment.
• Stakeholder Engagement- Interface with stakeholders, including developers, project managers, and business owners, to gather feedback and refine our self-service platform.
• If you meet below qualifications and are ready to take on a challenging role, we encourage you to apply..
• Proven Expertise: Minimum of 5 years of experience in consulting and client-side roles, or a combination of both.
• Hands-On Leadership: Demonstrate at least 5 years of hands-on development experience before.
• transitioning to an engineering management or architecture role.
• Language Proficiency: Possess current or previous experience in one or more programming languages such as TypeScript/JavaScript, Java, Python, or Kotlin, with a deep understanding of their pros and cons.
• Tech Ecosystem Acumen: Navigate the modern technology ecosystem with ease, encompassing cloud providers, commerce vendors, experience platforms, event brokers, data processing platforms, analytics, business intelligence, big data, and AI.
• Cloud & DevOps: Exhibit hands-on experience with cloud architecture (preferably Azure), DevOps, Site Reliability Engineering, and Quality Engineering best practices. Experience around different cloud pricing and strategies.
• Lifecycle Expertise: Embrace a broad understanding of the entire project lifecycle, from project inception to MVP scoping, agile development, and operational excellence.
• Agile Knowledge: Bring working knowledge of agile delivery and scaled agile methodologies, ideally on the 'architecture runway' side.
• Continuous Architecture: Contribute your experience with 'real-life' continuous architecture practices, preferably within an architecture guild/team in a large organization.

Skills:

Continuous Integration, Legal, Procurement

Job type:

Full-time

• Support regular group assessments to evaluate security risks, security maturity and compliance gaps across SCBX Group.
• Policy, Procedures, Standards & Guidelines.
• Support the development, review, and update of security policies, procedures, standards, and guidelines to ensure robust organizational controls.
• Regularly update documentation to reflect the evolving threat landscape and regulatory requirements.
• Security Consultation.
• Lead conversation with senior leadership across SCBX Group and provide value-added insights to delivered outcome.
• Develop a comprehensive proposal and project plan that secures buy-in from senior stakeholders, while establishing an effective delivery approach for the working group to ensure successful project delivery and valued outcomes.
• Embrace creative problem-solving and flexible approaches to navigate challenges, ensuring that critical outcomes are consistently achieved while effectively managing obstacles.
• Provide expert guidance and recommendations to internal and external stakeholders on the best security practices and solutions to address operational and compliance issues.
• Recommend improvements for security governance and operational resilience.
• SDLC Security & DevSecOps Integration.
• Develop and implement security frameworks and best practices within the SDLC to minimize vulnerabilities.
• Collaborate with development, operations, and security teams to embed security controls and processes within continuous integration/continuous deployment (CI/CD) pipelines.
• Advise on the integration of automated security testing tools and manual assessments throughout development, staging, and production phases.
• Monitor and evaluate the effectiveness of security controls, adjusting strategies as required.
• Pentester Governance & Annual Panel Selection.
• Oversee and manage the overall pentesting program, including planning, scoping, and executing external and internal penetration tests.
• Develop and enforce governance policies for third-party penetration testing, ensuring compliance with internal and industry standards.
• Lead the annual selection process of the pentester panel by evaluating vendor capabilities, reviewing performance metrics, and coordinating panel evaluations.
• Collaborate with legal, procurement, and compliance teams to negotiate contracts and service level agreements (SLAs) with selected vendors.
• Application Security Testing.
• Define and maintain comprehensive application security testing strategies, including static and dynamic code analysis, vulnerability assessments, and risk management.
• Coordinate regular security assessments, penetration tests, and vulnerability remediation efforts.
• Analyze findings from testing activities and provide actionable recommendations to mitigate risks.
• Work with development teams to ensure security testing is integrated into agile and DevOps methodologies.
• Identity Architecture & Strategy.
• Define and implement enterprise-wide identity governance frameworks, access models, and role designs.
• Develop future-ready IAM architectures to support Zero Trust security, cloud adoption, and business scalability.
• Design identity lifecycle processes such as automated provisioning, de-provisioning, RBAC, and approval workflows.
• Align IAM practices with global standards (NIST, ISO 27001, CIS) and regulatory mandates (PCI-DSS, GDPR, BOT).
• Establish and maintain a comprehensive security governance framework with clear roles, responsibilities, and performance metrics.
• IAM Solution Delivery & Operations.
• Lead the design, deployment, and integration of solutions including SSO, MFA, PAM, and CIAM.
• Oversee directory services and federation platforms such as Active Directory, Azure AD, and cloud identity providers.
• Collaborate with implementation teams and vendors to configure and deploy IAM technologies that ensure security, scalability, and operational excellence.
• Minimum of 12+ years in information security consultancy, with a proven track record in Application security, DevSecOps integration, Vulnerability Management, Penetration testing and Digital Identity.
• Demonstrated expertise in developing and implementing security frameworks and policies that embed secure coding practices and automated security testing within complex, enterprise-level SDLC environments.
• Demonstrates a deep understanding of global security frameworks, including NIST, ISO 27001/27002, PCI-DSS, BOT and CIS Controls.
• Extensive experience in conducting large-scale security assessments, performance measurements, risk management, and security strategy development that align with organizational objectives.
• Relevant certifications such as CISSP, CISM, CRISC, OSCP, or equivalent are highly desirable.

Skills:

Procurement, Budgeting, Multitasking, English

Job type:

Full-time

• Follow up with internal and external teams to consolidate reports, dashboards, and templates, ensuring accuracy and timeliness..
• Assist in tracking and monitoring project progress and operational updates..
• Support in data compilation and report preparation for management review..
• Work closely with cross-functional teams to ensure alignment and consistency in reporting and follow-ups.
• Administrative & Secretarial Support.
• Provide secretarial duties, including managing correspondence and scheduling appointments. Organize meetings, including venue arrangements, scheduling and summarizing meeting minutes..
• Handle procurement processes, including invoice processing and budgeting. Coordinate with internal teams and external vendors for general service tasks..
• Manage expense tracking and ensure timely approvals and processing..
• If you meet the qualifications below and are ready to take on a dynamic role, we encourage you to apply..
• Bachelor s degree in Business Administration, Management, or a related field.
• At least 5 years experience as secretary, administrator, or coordinator.
• Strong organizational and multitasking skills with high attention to detail.
• Willing to learn new things.
• Good command of English both written.

Job type:

Full-time

• Support regular group assessments to evaluate security risks, security maturity and compliance gaps across SCBX Group.
• Policy, Procedures, Standards & Guidelines.
• Support the development, review, and update of security policies, procedures, standards, and guidelines to ensure robust organizational controls.
• Regularly update documentation to reflect the evolving threat landscape and regulatory requirements.
• Security Consultation.
• Lead conversation with senior leadership across SCBX Group and provide value-added insights to delivered outcome.
• Develop a comprehensive proposal and project plan that secures buy-in from senior stakeholders, while establishing an effective delivery approach for the working group to ensure successful project delivery and valued outcomes.
• Embrace creative problem-solving and flexible approaches to navigate challenges, ensuring that critical outcomes are consistently achieved while effectively managing obstacles.
• Provide expert guidance and recommendations to internal and external stakeholders on the best security practices and solutions to address operational and compliance issues.
• Recommend improvements for security governance and operational resilience.
• Security Awareness & Training.
• Develop and manage security e-learning programs, newsletters, and knowledge-sharing initiatives to enhance employee awareness.
• Conduct phishing drills and security simulations to assess and improve employee resilience against cyber threats.
• Design specialized training for executives and high-risk users to enhance their understanding of emerging threats and security best practices.
• Implement interactive learning methods such as gamification, security awareness series, real-world security challenges to encourage participation, on-site engagements to reinforce security culture.
• Digital Identity.
• Assist in Identity Governance & Administration (IGA) by supporting policy enforcement, identity lifecycle management, and compliance monitoring.
• Support Access Management by integrating authentication mechanisms such as SSO, MFA, and adaptive access controls into enterprise systems.
• Contribute to Role Management, ensuring structured RBAC/ABAC models and periodic access reviews.
• Help implement Privileged Access Management (PAM) controls, monitoring privileged user sessions, and enforcing security best practices.
• Assist in Identity Integration & Directory Services, ensuring seamless identity synchronization and federation across cloud and on-prem systems.
• Security Innovation.
• Research and evaluate emerging cybersecurity technologies, AI-driven security analytics, and automation tools, conducting PoCs to assess feasibility.
• Explore AI-driven security solutions for threat detection - prevention, and automated security operation to enhance cybersecurity resilience.
• Provide strategic insights to align security innovations with digital transformation, FinTech, and cloud security initiatives across subsidiaries.
• Partner with internal teams, vendors, and industry leaders to benchmark security advancements and drive innovation initiatives..
• Minimum of 5+ years in information security consultancy, with a proven track record in security assessment, identity & access and data security.
• Experience in conduct IAM solutions, including IGA, identity assessment - planning, access management, PAM, and identity integration within enterprise environments.
• Demonstrates a deep understanding of global security frameworks, such as NIST, ISO 27001/27002, PCI-DSS, BOT and CIS Controls.
• Extensive experience in conducting large-scale security assessments, performance measurements, risk management, and security strategy development that align with organizational objectives.
• Relevant certifications such as from identity products or equivalent are highly desirable.

Skills:

Automation, English

Job type:

Full-time

• Establish a consistent approach to handle security incidents under committed OLA, SLA, MTTX matrix..
• Effectively and efficiently contain and eradicate cyber threats with all subsidiaries.
• Recover impacted assets from technical and business damage done by cyber threats.
• Develop and distribute security incident reports to all key stakeholders.
• Incorporate root cause and lessons learned into an improvement plan.
• Strengthen processes and maturity of Group security operations.
• Continuous improve security incident operations.
• Security Incident Identification, Triage and Response with MS Sentinel SIEM and SOAR cover 24*7 detection & analysis, containment, eradication & post incident investigation on high, rather high, moderate, rather low and low severity..
• Access to internal or external IR specialists to support in Digital forensics investigations and IR team, Threat hunting using Microsoft Sentinel to proactively identify threats in the environment.
• Gather cyber threat insights on security incidents through governance reporting covering weekly operational reports, monthly tactical reports and quarterly management reports.
• Review use-cases onboarding and continuous optimizations to comprehensively detect threats for all subsidiaries environments.
• Works smooth with SOC operation outsources team under the SCBX Cyber Defense Operating Model..
• Support in helping subsidiaries to containment and resolve security incidents within MTTC SLA.
• Maintained and updated security incident response playbooks and runbooks with all subsidiary s acknowledgement.
• Develop, design and participate in cyber tabletop exercises.
• 5-7 years experienced in cyber security incident response or SOC environments. If you worked in Financial industry will be plus score..
• Strong knowledge of cyber security principles and practices, including vulnerability assessment, incident response, and SOC architecture. If you have Cyber/IR certificates related will be plus score..
• Strong knowledge and skills of security threats, attack countermeasures and threat detection/prevention/mitigation.
• Working experience in SOC (Security Operations Center) with hands-on experience with Automated Analytic Rules and Automation Playbook on MS Sentinel..
• Experience with a variety of cyber security tools such as SIEM, EDR, Firewall, IPS, etc and SOC technologies. Excellent analytical and problem-solving skills.
• Hands-on experience in provisioning and interpreting log and network packet data, cloud environment.
• Ability to work independently and as part of a team.
• Ability to communicate complex technical concepts to both technical and non-technical audiences in both of Thai and English..
• Experienced in multi-vendor management.
• Join our team and contribute to ensuring the best availability and efficiency of our Cyber Defense strategy and Cyber Defense Operating Model.
• Apply today to play a crucial role in safeguarding our organization's security.

Skills:

Risk Management, ISO 27001, English

Job type:

Full-time

• Oversee the technology risk management practices of banking and digital asset subsidiaries to ensure they align with the parent company s standards and regulatory requirements.
• Establish a robust governance framework to monitor and control technology risks across all subsidiaries.
• Ensure regular and detailed reporting of technology risk management performance, including key metrics and risk indicators, to senior management and the board of direct ...
• Oversee the reporting of any technology-related incidents or anomalies, ensuring timely communication and resolution.
• Communicate and enforce technology risk management policies and standards across all subsidiaries, ensuring that all relevant stakeholders are aware of and adhere to these guidelines.
• Provide expert advice and support to subsidiaries on technology risk management issues, helping them to implement best practices and mitigate risks effectively.
• If you meet below qualifications and are ready to take on a challenging role, we encourage you to apply..
• Bachelor s degree or higher in Information Technology, Cybersecurity, Risk Management, or a related field.
• Relevant work experience at least 5 years of experience in technology risk management..
• Proficiency in identifying, evaluating, and mitigating technology risks.
• Knowledge of regulatory requirements and best practices in IT governance.
• Familiarity with risk management frameworks and tools, such as NIST, ISO 27001, and COBIT.
• Ability to effectively communicate risk-related information to stakeholders at all levels both Thai and English.
• Commitment to staying updated with the latest trends and developments in technology risk management.

Skills:

Branding, Public Speaking, Social media, English

Job type:

Full-time

• Monitor, analyze and interpret domestic, regional, and global climate and sustainability trends: regulation (e.g. Climate Change Act, Taxonomy, carbon pricing / tax, climate risk frameworks, NDCs, Power Development Plan, National Adaptation Plan), policy, energy transition, net zero transition and sectoral decarbonization, climate technology, just transition, nature & biodiversity.
• Identify key climate-related risks & opportunities, evaluate materiality to SCBX s portfolio, business lines, and operations.
• Provide senior leadership with regular briefings & insights to inform SCBX s sustainability and climate strategy and initiatives.
• Strategic Advisory, Integration & Initiatives.
• Set, review and finetune climate and sustainability strategy for SCBX, taking into account latest trends and developments. Review and update double materiality assessment.
• Support integration of climate and sustainability considerations into strategy planning, enterprise risk management and business operations.
• Lead / support group-level climate and sustainability strategic initiatives, including both mitigation and adaptation, in collaboration with portfolio companies and business units.
• Center of Excellence for Internal Enablement & Capacity Building.
• Design and organize knowledge sharing, training and awareness programs to deepen climate and sustainability capabilities of SCBX Board, management and portfolio companies.
• Work with portfolio companies and business units across Group to ensure climate & sustainability considerations are embedded in their strategy, decision-making and operations.
• Develop metrics to measure success in sustainability capacity building.
• Strategic Engagement, Positioning & Thought Leadership.
• Engage, maintain network and build strategic partnership with external stakeholders (regulators / government agencies, industry associations, forums, think-tanks, academia, peer FIs) that will help advance SCBX s climate and sustainability goals and initiatives and strengthen our external positioning.
• Develop thought leadership and strategic sustainability contents for branding and communications purposes (e.g. forums, white papers, position papers, public speaking, internal knowledge dissemination, presentations, social media contents) to demonstrate SCBX s active industry leadership in climate and sustainability.
• Key Outcomes / Deliverables.
• Monthly climate & sustainability briefings and analysis that highlight key developments and implications for SCBX s strategy and risk management.
• Analysis of Thailand s draft Climate Change Act, National Adaptation Plan and other relevant policies and regulations.
• Analysis of key climate technologies and solutions for mitigation and adaptation for different industries.
• Review of climate and sustainability strategic direction and initiatives.
• At least 1 strategic initiative on climate and sustainability developed in the first year to address an emerging risk or capture an emerging opportunity.
• Double materiality assessment annual review.
• Bimonthly knowledge sharing sessions by external experts on climate and sustainability issues (e.g. climate tech, sector-specific decarbonization and adaptation solutions).
• Yearly training session for Board or management on a climate and sustainability issue with strategic importance.
• Metric & progress tracking on internal alignment and capability on climate and sustainability.
• At least 1 strategic sustainability forum and/or partnership on climate or sustainability in the first year.
• Quarterly public thought leadership contents with at least 1 major thematic content (e.g. report or social media content) in the first year.
• Required Qualifications & Experience.
• 8+ years working in management consulting, financial industry, policymaking or think-tank, with at least 5 years working on climate and environmental sustainability issues.
• International work experience is highly valued.
• Strong understanding of climate change and environmental sustainability landscape in Thailand and abroad: net zero transition, adaptation, laws, policies, regulations, frameworks, etc.
• Good understanding of decarbonization and adaptation technologies and solutions for different sectors.
• Familiarity with major ESG / climate frameworks (e.g. SBTi, sustainable finance taxonomy, etc.).
• Ability to translate intelligence into business strategy; risk / opportunity balancing; understanding of banking / financial products / portfolio risk.
• Excellent written & verbal communication in Thai and English; experience preparing briefings / presentations for senior leadership or Board; ability to represent the organization externally.
• Strong experience working across functions internally; active external networks.
• A Master s degree is preferred.

Skills:

Finance

Job type:

Full-time

• Develop and maintain deep insights into sustainable finance trends, policies, standards, and emerging areas such as transition finance, adaptation finance, nature and biodiversity finance, social finance, carbon markets, and blended finance.
• Set the strategic direction for sustainable finance within the SCBX Group and drive product innovation to support commercialization and industry leadership.
• Proactively engage with regulators, policymakers, and key industry stakeholders to advance the Group s sustainable finance objectives.
• Implementation & Advisory.
• Review, enhance, and update SCBX Group s sustainable finance frameworks in alignment with evolving global standards and internal strategic direction.
• Oversee and provide expert advice on sustainable finance transactions to ensure alignment with established principles, criteria, and frameworks.
• Manage and maintain a comprehensive database of sustainable finance transactions, categorized by product type and sustainability objective.
• If you meet the following qualifications and are ready to make a difference, we encourage you to apply..
• Minimum of 10 years of experience in the financial industry or top-tier business consulting, with a focus on financial strategy or product development.
• Proven experience integrating ESG or climate considerations into business strategies or financial products.
• Strong analytical, strategic, and communication skills with a results-driven and growth-oriented mindset.
• Master s degree or MBA in Finance, Business Administration, or a related field.
• In-depth knowledge of sustainable finance market trends and product landscape.
• Familiarity with global sustainable finance standards and frameworks such as ICMA, LMA, EU Taxonomy, etc.
• Understanding of climate-related technologies in sectors such as renewable energy, green buildings, carbon capture, and clean fuels.
• About Us.
• SCBX is the mothership of the financial technology business group, comprising 12 subsidiary companies that operate across three key business pillars: Banking Business, Consumer and Digital Finance Business, and Platform and Technology Business. In addition, SCBX also focuses on Climate Technology, aspiring to become The Most Admired Regional Financial Technology Group . The company conducts its business with flexibility and prudence in governance and risk management and has possesses the potential to compete equally in global competitions.