SUMMARY

The IT Security & Governance Specialist is a critical role responsible for ensuring the confidentiality, integrity, and availability of the organization's information assets. This position involves developing, implementing, and maintaining IT security policies, procedures, and standards, as well as ensuring compliance with relevant regulations and frameworks. The specialist will conduct risk assessments, manage security incidents, and provide guidance and training to employees on security best practices.

ESSENTIAL DUTIES AND RESPONSIBILITIES

· Security Policy and Procedure Development & Implementation:

o Develop, implement, and maintain IT security policies, standards, and procedures in alignment with best practices and regulatory requirements (e.g., ISO 27001, NIST, GDPR, HIPAA, PCI DSS).

o Ensure policies are communicated effectively and understood throughout the organization.

o Conduct regular reviews and updates of security policies and procedures.

· Risk Management & Assessment:

o Conduct regular risk assessments and vulnerability scans to identify potential security threats and vulnerabilities.

o Develop and implement risk mitigation strategies and action plans.

o Maintain a risk register and track remediation efforts.

· Compliance & Audit:

o Ensure compliance with relevant regulatory requirements and industry standards.

o Conduct internal and external security audits and assessments.

o Prepare and present audit reports and findings to management.

o Work with external auditors as needed.

· Security Incident Management:

o Monitor and respond to security incidents and breaches in a timely and effective manner.

o Conduct incident investigations and root cause analysis.

o Develop and implement incident response plans and procedures.

o Maintain an incident log.

· Security Awareness & Training:

o Develop and deliver security awareness training programs for employees.

o Promote a culture of security awareness throughout the organization.

o Provide guidance and support to employees on security best practices.

· Security Tool Management:

o Assist in the selection, implementation, and management of security tools and technologies (e.g., firewalls, intrusion detection systems, antivirus software, SIEM).

o Monitor and analyze security logs and alerts.

o Maintain security tool documentation.

· Governance:

o Assist in developing and maintaining IT governance frameworks.

o Ensure alignment of IT security initiatives with business objectives.

o Participate in IT governance meetings and provide security-related input.

· Vendor Management:

o Assess the security posture of third-party vendors and service providers.

o Ensure that vendor contracts include appropriate security requirements.

o Monitor vendor compliance with security policies.

· Reporting & Communication

o Report regularly to executive leadership and IT governance.

o Prepare detailed reports on incidents, governance metrics, and audit results.

o Ensure timely communication with stakeholders regarding any security or compliance issues.

Minimum Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field.
• 5 years of experience in IT security and governance.
• Strong understanding of IT security principles, practices, and technologies.
• Knowledge of relevant security standards and regulations (e.g., ISO 27001, NIST, GDPR, HIPAA, PCI DSS).
• Experience with risk assessment and vulnerability management.
• Experience with security incident response and management.
• Strong analytical and problem-solving skills.
• Excellent communication and interpersonal skills.
• Ability to work independently and as part of a team.

Preferred Qualifications:

• Relevant certifications (e.g., CISSP, CISM, CISA, Security+).
• Experience with cloud security (AWS, Azure, GCP) and On-Premises.
• Experience with security information and event management (SIEM) systems.
• Experience with scripting languages (e.g., Python, PowerShell).
• Experience with penetration testing.

Other Necessaries:

• Ability to maintain confidentiality and handle sensitive information.
• Ability to adapt to changing technologies and security threats.
• Strong attention to detail and organizational skills.

• 
  Ability to create and maintain clear and concise documentation.

สวัสดิการ

• โบนัสประจำปี
• ลาพักร้อน เมื่อพ้นทดลองงาน
• ลา Workcation
• กองทุนสำรองเลี้ยงชีพ
• ประกันสังคม / ประกันสุขภาพ / ประกันชีวิต / ประกันอุบัติเหตุ
• วันหยุดตามกฏหมาย (ไม่น้อยกว่า 13วัน)
• ลาหยุดในเดือนเกิด
• ตรวจสุขภาพประจำปี
• เงินช่วยเหลือสมรส
• สิทธิคุณพ่อลาเลี้ยงบุตร
• เงินช่วยเหลือฌาปนกิจ
• Co working Space
• ฟิตเนต
• Point แลกของรางวัล

• 
  บริการปรึกษานักจิตวิทยาออนไลน์

การเดินทาง

• BTS : สถานีหมอชิต , ห้าแยกลาดพร้าว
• MRT : สถานีพหลโยธิน

• 
  บริการเรียกรถผ่าน App MuvMi

ติดตามข่าวสารจาก SC ASSET ได้ที่

http://insidesc.scasset.com/