Filter Jobs

Skills:

Compliance, Risk Management, ISO 27001, English

Job type:

Full-time

• To be a leader in designing and managing an organization s IT internal control environments to ensure the company complies with applicable law and regulations.
• To monitor the state of IT compliance with regulatory requirements and internal policies that affect the Information Technology Risk management and compliance, and develop a compliance program to address potential gaps.
• To serve as liaison to internal auditors, external auditors, Bank of Thailand auditors and other regulators' mandates (i.e., PCI, SEC, ISO27001, etc.) regarding documen ...
• To partner with IT Management to develop and implement appropriate controls to ensure that IT compliance is being effectively maintained.
• To oversee generally in issue summary review, the process of issue tracking and closure, and closing meetings in order to maintain a full understanding of emerging IT issues.
• To facilitate reporting of IT compliance status for IT Management.
• To provide advisory and consultation to IT users on IT regulation and compliance requirements.
• To oversee and steer the IT General Control (ITGC) program regarding SOX Compliance.
• To establish and enforce standardized and repeatable enterprise Data Leakage Prevention (DLP) governance and framework including DLP incident response processes.
• To maintain Data Leakage Prevention (DLP) system.
• To provide the direction and advisory on Information system control monitoring (i.e., monitoring the log over critical operating systems, applications, and databases, reviewing the access control log over restricted IT physical areas, etc.).
• To ensure security controls over critical high privilege management are adequate and functioning as intended within the operating systems, applications, and databases.
• Be responsible for Liaise with IT Risk owners to develop risk-based assessments, and establish risk response programs and reporting processes according to Bank s Risk Management Policy and Framework.
• Bachelors or Master of Information Technology, Computer Engineering or related fields.
• At least 10 years of experience in Information Technology in Banking /Financial industries.
• Experience in relevant local and international security standards and best practices such as ISO 27001, NIST, COBIT, COSO, PCI DSS, ISO 27001/2, ITIL, and SOX Compliance.
• Experience in IT Governance, Risk management, and Compliance (IT GRC), Project Management, Lead Auditor/Lead Implementer, or similar is preferred.
• Strong knowledge of Local Regulatory (TH).
• Relevant local and international security standards and best practices such as ISO 27001, NIST, COBIT, COSO, PCI DSS, ISO 27001/2, ITIL, SOX Compliance, etc.
• Professional Information Security certifications such as CISSP, CISA, CISM, CRISC, ISO 27001.
• CMMI/SDLC.
• Good written and verbal communication, presentation of both Thai and English skills.
• Strong Leadership, influencing, motivating, and negotiating skills.
• Good judgment within broadly defined practices in obtaining desired results, analytical and problem-solving skills.
• Demonstrated ability to prioritize and manage multiple tasks simultaneously.
• Familiar with Microsoft Office products.
• Good English Skill.
• Only shortlisted candidates will be contacted.
• FB: Krungsri Career(http://bit.ly/FacebookKrungsriCareer).
• LINE: Krungsri Career (http://bit.ly/LineKrungsriCareer).
• Talent Acquisition Department
• Bank of Ayudhya Public Company Limited
• 1222 Rama III Rd., Bangpongpang, Yannawa, Bangkok 10120
• Contact: Talent Acquisition Center:.
• Applicants can read the Personal Data Protection Announcement of the Bank's Human Resources Function by typing the link from the image that stated below.
• EN: (https://krungsri.com/b/privacynoticeen).
• ผู้สมัครสามารถอ่านประกาศการคุ้มครองข้อมูลส่วนบุคคลส่วนงานทรัพยากรบุคคลของธนาคารได้โดยการพิมพ์ลิงค์จากรูปภาพที่ปรากฎด้านล่าง.
• ภาษาไทย: (https://krungsri.com/b/privacynoticeth).
• หมายเหตุ ธนาคารมีความจำเป็นและจะมีขั้นตอนการตรวจสอบข้อมูลส่วนบุคคลเกี่ยวกับประวัติอาชญากรรมของผู้สมัคร ก่อนที่ผู้สมัครจะได้รับการพิจารณาเข้าร่วมงานกับธนาคารกรุงศรีฯ.
• Remark: The bank needs to and will have a process for verifying personal information related to the criminal history of applicants before they are considered for employment with the bank..

Skills:

ISO 27001, English

Job type:

Full-time

• รับผิดชอบการ Monitoring ควบคุมและจัดการระบบพื้นฐานเกี่ยวกับ ไฟฟ้า และระบบปรับอากาศ ระบบเครือข่าย เพื่อสนับสนุนการจัดการ.
• ตอบสนองความต้องการของลูกค้า และประสานงาน การติดตั้งและการแก้ไขปัญหาระบบของผู้บริการ (vendor) เพื่อให้ถูกต้องและสมบูรณ์ตามหลักปฎิบัติ.
• ควบคุมและประสานงานการบำรุงรักษาและการซ่อมแซม (Preventive Maintenance) ระบบพื้นฐานต่างๆ เครื่องกำเนิดไฟฟ้า Generator, เครื่องสำรองไฟฟ้า UPS, ระบบตู้ไฟฟ้า, ระบบปรับอากาศ และการติดตั้งอุปกรณ์ระบบเครือข่าย (Network) เป็นต้น.
• เป็น 1st level support & troubleshooting ของระบบ Facility ใน Data Center เช่น ระบบ Network, ระบบไฟฟ้า, ระบบปรับอากาศ เป็นต้น.
• จัดทำกระบวนการปฎิบัติงาน และคู่มือการทำงานในการดูแลระบบพื้นฐาน โดยอิงตามมาตราฐาน ISO หรือมาตรฐานอื่นที่เกี่ยวข้องกับการปฏิบัติงาน (เช่น ISO 20000 ด้านบริการ, ISO 27001 ด้านความปลอดภัย,ISO 50001 ด้านบริหารพลังงาน และอื่นๆ เช่น ISO22301, PCIDSS, TCOS) รวมทั้งรูปแบบใบบันทึก, รายงานต่าง ๆ.
• สรุปและรายงานผลสำหรับปัญหาวิกฤติใด ๆ ต่อหัวหน้าทีม รวมทั้ง การจัดทำรายงานสถิติ,รายงานวิเคราะห์แบบรายวัน, รายเดือน รายไตรมาส ด้วย.
• Bachelor s degree in electrical power, mechanic or related fields.
• Thai nationality, Male, Age 20 - 25 years old.
• Have basic technical knowledge in Data Center facilities (Electrical/Mechanical).
• Able to work under pressure.
• Able to work with a team.
• Fair communication in English.

Experience:

2 years required

Skills:

ISO 27001

Job type:

Full-time

• Perform risk assessment to identify risk areas of IT related operations..
• Evaluate the design and effectiveness of technology controls throughout the business cycle..
• Performing IT audit assignments which include (but are not limited to) operation reviews, application reviews, security reviews, infrastructure reviews and general IT control reviews..
• Perform UAT Testing..
• Performs reviews of internal control procedures and security for systems under development and/or enhancements to current systems..
• Regularly report and update engagement status to supervisor..
• Help identify performance improvement opportunities for assigned clients..
• Identify and communicate IT audit findings to senior management and clients..
• Prepares and presents written and oral reports and other technical information in a pertinent, concise, and accurate manner..
• Follows up on audit findings to ensure that management has taken corrective action(s)..
• Provide support, maintain communication, and assist team in accomplishing audit objectives..
• Provide IT security and control related advisory to clients..
• Educate team for Security Awareness..
• Establish and maintain good relationships with clients..
• Bachelor s Degree in Computer Science, Computer Engineering, IT, or related fields, or equivalent work experience..
• Strong background in security controls, application security, network and system security, distributed system recovery time objectives, distributed systems administration, security auditing techniques and/or general computer controls..
• At least 2 years experience in IT audit or IT security.
• Knowledge of Risk management, IT Compliance, Cyber Security, ISO 27001will be an advantage..
• Professional certifications such as CISA or CISM is desirable.
• Ability to work independently and a reliable attitude..
• Possess good analytical, troubleshooting, and interpersonal skills..

Skills:

ISO 27001, Compliance, Assurance, English

Job type:

Full-time

• Develop and support internal audit strategies within the cybersecurity domain, which involves protecting computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks.
• Implement work standards to achieve desired outcomes and report findings to top management as a Cyber Security Auditor.
• Identify potential cybersecurity risks and persuade organizational stakeholders to adopt comprehensive, actionable recommendations.
• Act as a liaison with internal auditors, external auditors, Bank of Thailand auditors, Electronic Transactions Development Agency auditors, and other regulatory bodies (e.g., ISO 27001, PCI DSS, etc.) to ensure documentation and information compliance.
• Provide assurance and advisory services to ensure that IT Management plans, organizes, and directs appropriate IT governance, risk management, and control processes.
• Liaise with IT risk owners to develop risk-based assessments and establish risk response programs and reporting processes according to the Risk Management Policy and Framework.
• Bachelor's or master s degree in Computer Engineering, Computer Science, Information Technology, or related fields..
• Experience in relevant local and international security standards and best practices such as ISO 27001, NIST, COBIT, COSO, PCI DSS, and ITIL.
• Experience in IT Governance, Risk Management, and Control Processes (IT GRC), Project Management, Lead Auditor/Lead Implementer, or similar roles is preferred.
• Professional certifications such as CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), and CRISC (Certified in Risk and Information Systems Control) are advantageous.
• Technical expertise in cybersecurity auditing.
• Proficiency in English.
• At least 3 years of experience in information security management, information risk management, IT audit management, ICT security, cloud security, or related fields.

Skills:

ISO 27001

Job type:

Full-time

• Protect the organization's computer networks and systems against a range of cyber threats, such as hacking attempts, data breaches, and different types of cyber attacks. The
• responsibilities of this role include creating, deploying, and overseeing security strategies and technologies to defend the organization IT security.
• Lead the strategic direction, development, and implementation of cybersecurity solutions and practices to protect the organization from sophisticated cyber threats and ...
• Serve as the foremost cybersecurity expert within the organization, providing deep technical expertise and leadership in the design, evaluation, and optimization of complex security architectures.
• Develop comprehensive cybersecurity frameworks that align with industry best practices and regulatory standards, ensuring the organization's resilience against cyber attacks.
• Conduct sophisticated risk assessments and threat modeling exercises to identify potential security gaps and develop advanced strategies for mitigation and prevention.
• Lead the incident response and crisis management efforts for high-impact security breaches, coordinating with cross-functional teams to ensure rapid containment and recovery.
• Drive the adoption of cutting-edge security technologies and methodologies, including artificial intelligence and machine learning, to enhance detection and response capabilities.
• Establish and maintain strong relationships with external cybersecurity agencies, industry groups, and technology partners to stay abreast of emerging threats and trends.
• Develop and manage the cybersecurity budget, ensuring strategic allocation of resources to high-priority projects and initiatives.
• Advanced degree in Computer Science, Information Security, or a related field, with specialized knowledge in cybersecurity.
• A minimum of 5 years of experience in Infrastructure, 3 years of cybersecurity, with at least 2 years in a strategic leadership or management role overseeing cybersecurity functions.
• Professional cybersecurity certifications, such as CISSP, CISM, CCSP, or similar, are required.
• Proven expertise in developing and implementing cybersecurity strategies and architectures to protect complex enterprise environments.
• Other: Deep knowledge of the cybersecurity landscape, including emerging threats, advanced persistent threats (APT), regulatory requirements, and industry best practices.
• Other: ISO 27001.

Skills:

Compliance, ISO 27001, Accounting

Job type:

Full-time

• Lead the testing of internal controls related to business processes and IT systems, ensuring compliance with relevant regulations (AML, SEC, ISO 27001, PDPA).
• Assist the execution of the audit program by gathering and analyzing data to assess the effectiveness of controls and processes across the business and IT domains.
• Foster effective communication with auditees and collaborate closely with relevant teams to ensure timely and accurate delivery of audit documentation.
• Assist the IT Audit Manager with various ad-hoc tasks to enhance the efficiency and effectiveness of the internal audit team.
• Mentor and guide team members, promoting a culture of continuous improvement and adherence to best practices in IT auditing.
• Prepare comprehensive audit reports summarizing findings, recommendations, and action plans for management review.
• Identify and assess potential risks related to IT systems and processes, recommending improvements to mitigate those risks.
• Bachelor s degree in Accounting, Finance, and Information Technology.
• 4-5 years in IT audit or compliance, including supervisory experience.
• In-depth knowledge of IT governance and regulatory requirements.
• Certifications: CISA, CIA, or similar certifications.
• Understand the concept of three lines of Defense, Risk Management, Internal Control, and Auditing Process.
• Having a strong interest in the Crypto Market and Blockchain and being able to describe the basic infrastructure of the capital market or/and crypto market.
• Familiar with the concept of Anti-Money Laundry, KYC, PDPA and industry regulator.
• Leadership and team management abilities; excellent organizational skills.

Experience:

5 years required

Skills:

Research, ISO 27001, Enthusiastic, English

Job type:

Full-time

• Collect and analyze threat intelligence reports covering new threats, vulnerabilities, products.
• Conduct technical and operational threat intelligence research, both independently and as part of a wider team.
• Identify emerging threats, techniques and trends, the means of protecting or defending against them, and articulate these in a range of report formats to relevant stakeholders.
• Conduct deep-level analysis of malware, including how it is developed, functions, and employed.
• Support the Consulting and Managed CTI teams, Vulnerability Management, Incident Response and CSOC team with up-to-date technical intelligence, detection logic and situational awareness on current and emerging threats.
• Support Cybersecurity Posture Management to guarantee that a good cybersecurity posture is consistently maintained at an acceptable level. Liaison with external audit, internal audit, financial crime and associated consultants, and the group firm.
• Assist technology security team leaders/others in responding to cybersecurity incidents that have an impact on cybersecurity posture, in order to guarantee quick reaction, tracking, and proper maintenance.
• Assist in R&D and innovation on cybersecurity technology and approaches for continuous cybersecurity uplift.
• Qualifications Bachelor s or Master degree in computer science, Computer Engineering, Information Technology, or related field.
• At least 5 years of experience in Information Security or a related field.
• Knowledge of security technology e.g. WAF, SIEM, EDR, IAM, CSOC and Vulnerability Management.
• Experience in cloud cybersecurity technologies and services.
• Exposure to malware reverse engineering, network intrusion analysis, host intrusion analysis, log analysis, vulnerability research or digital forensics is preferred.
• Strong understanding of industry best practices and standards, including ISO 27001, NIST, and CIS is preferred.
• Relevant certifications such as CISSP, CISM, or CISA are a plus.
• Excellent communication and problem-analytical skills, with the ability to communicate complex security issues to non-technical stakeholders.
• Effective English for verbal, written communication.
• Enthusiastic, thriving, good interpersonal skills.
• We're committed to bringing passion and customer focus to the business. If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us.

Experience:

5 years required

Skills:

Compliance, ISO 27001, Legal

Job type:

Full-time

• Design and implement a cybersecurity strategy that aligns with the organization's overall business objectives.
• Conduct regular security risk assessments, vulnerability assessments, and penetration testing to evaluate the organization s cyber defenses; subsequently, develop and implement security risk mitigation strategies and programs.
• Lead and coordinate response efforts in the event of security incidents, overseeing investigation, mitigation, and post-incident analysis.
• Compliance & Regulatory Management.
• Ensure adherence to relevant laws, regulations, and standards (e.g., PDPA).
• Implement and lead initiatives for security and compliance audit certifications, including ISO 27001, NIST, the Cyber Resilience Assessment Framework (C-RAF), and other applicable standards and best practices.
• Recommend, implement, and manage continuous monitoring of IT security systems and tools.
• Collaborate with legal and data protection teams to establish policies and safeguards for sensitive and personal data.
• IT Governance.
• Establish and maintain an IT governance framework, policies, and processes that align with the organization s business goals while ensuring compliance with legal, regulatory, corporate, and industry requirements.
• Work in partnership with management, legal, finance, and external auditors to promote transparency and alignment in governance practices.
• Generate and present reports on IT governance performance, compliance status, and the risk landscape to stakeholders.
• Data Governance.
• Develop and implement data governance policies that ensure data quality, security, and compliance.
• Manage the data lifecycle, align data strategies with business objectives, and collaborate with cross-functional teams to enhance data integrity.
• Oversee data stewardship, regulatory compliance, and provide best practices for data management to support effective decision-making.
• Team Leadership and Development.
• Lead and mentor a small team of IT governance, compliance, and security professionals.
• Foster a culture of continuous improvement and knowledge sharing within the team and across business units.
• Bachelor s or Master s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• A minimum of 5 years of experience in IT governance, cybersecurity, and compliance, with at least 2 years in a managerial role.
• Strong understanding of IT governance frameworks (e.g., ITIL, COBIT), cybersecurity standards (e.g., ISO 27001, NIST), and regulatory requirements (e.g., PDPA).
• Possession of basic IT governance and cybersecurity certifications (e.g., CISSP, CISM) is advantageous.
• Proficient in common technical team/project management tools (e.g., JIRA, Asana, Github). Collaborative team player with strong interpersonal skills, capable of working effectively with both internal and external teams.
• Working-level fluency in English and Thai. Proficient in English equivalent to IELTS 5.5, CEFR B2, or TOEFL 72; excellent spoken and written communication to effectively work with a global management team.
• Familiarity with local regulatory bodies (e.g., OIC, SEC, BOT) is a plus.
• Experience in the insurance industry will be an added advantage.

Experience:

2 years required

Skills:

Public Relations, Legal, Computer Security, English

Job type:

Full-time

• Executes cybersecurity engineer tasks including, but not limited to, security patch management, security vulnerability management, and security configuration management.
• Tests, implements, deploys, maintains, reviews, and administers the cybersecurity tools.
• Assist in identifying, prioritizing, and coordinating the protection of critical cyber defense infrastructure and key resources.
• Coordinate with Cyber Defense Analysts to manage and administer the updating of rules and signatures (e.g., intrusion detection/protection systems, antivirus, and content blacklists) for specialized cyber defense applications.
• Identify potential conflicts with the implementation of any cyber defense tools (e.g., tool and signature testing and optimization).
• Operates and maintains production information security systems.
• Ensures proper cybersecurity documentation is in place regarding standard operating procedures.
• Monitors the industry and external environment for emerging threats and advises relevant stakeholders on appropriate courses of action.
• Oversees incident response planning and the investigation of security breaches and assists with any associated disciplinary, public relations, and legal matters.
• Applies expert knowledge and skills to resolve problems, including support concepts and methods, problem isolation and troubleshooting procedures, system and file recovery processes, and operating system and network configurations.
• Prepares and presents cogent and cohesive analyses and briefings advising management on new technological developments, techniques, and enhancements that result in increased time and cost efficiencies.
• Provides advice and assistance to troubleshoot the most complex problems in a manner that minimizes interruptions in the ability to carry out critical business activities.
• Supports rapid response teams in response to customer service problems resulting from catastrophic events such as virus infections or widespread power outages.
• Supports the development of a formal cyber security risk assessment program.
• Supports and assists in maintaining a vulnerability/gap/response assessment program.
• Supports the ongoing maintenance of the cyber-Kill Chain for the company, focusing on phases of cyber-attack and remediation/mitigation for each phase.
• Supports ongoing activities to develop, communicate, and support appropriate standards and risk controls associated with digital data.
• Supports the development and maintenance of a company Data Protection program.
• Responds to cybersecurity alerts.
• Cascade and leverage cybersecurity control and practice to the entire company group.
• Bachelor s or Master s degree in Computer Engineering, MIS, IT, or a related field.
• At least 2 years experience in computer security and 5 years in IT infrastructure.
• Have a foundation in good information security practices.
• Knowledge of International Security frameworks, Standards, and Guidelines, e.g., COBIT, NIST-800, ISO 27001, PCI-DSS, OWASP, etc.
• Experience in Security tools, e.g., EDR, ATP, WAF, IPS/IDS, Deception, TI/TIP, Anti DDoS.
• Experience in Cloud Environments, e.g., Google Cloud, AWS, Microsoft Azure.
• Experience with system and application security management and control.
• Experience with system, network, and OS hardening techniques. (e.g., remove unnecessary services, password policies, network segmentation, enable logging, least privilege, etc.).
• Experience with facilitating information security risk assessments.
• Technical writing, documentation development, process mapping, and visual communication skills.
• Hands-on experience with computer programming languages and/or scripting languages such as Python, Java, and Shell for automation.
• Professional certificates related to work (e.g., CISSP, CISM, AWS Certified Security, or similar general security certification) are desirable.
• Talent to identify and create a broad vision for a security solution and to execute it;.
• Systems Thinking - the ability to see how parts interact with the whole (big picture thinking).
• Proven experience of acting as an expert in project teams.
• A positive, can-do attitude who naturally expresses a high degree of empathy to others.
• Ability to explain your thoughts or findings also to non-technical professionals.
• Strong problem-solving and analytical abilities Able to work under minimal supervision, detail oriented.
• Excellent English (Spoken and Written).
• Location: True Digital Park, Punnawithi.

Skills:

Data Analysis, Risk Management, Compliance

Job type:

Full-time

• Perform audit work in accordance with internal audit policy and professional standards, and complete assignments in an efficient manner.
• Perform the planning, fieldwork, and reporting phases of the audit process by providing input during the audit process for determining scope, objectives, testing procedures, and audit recommendations.
• Use data analysis tools (queries/program/visualize) to automate audit testing and develop techniques for continuous auditing.
• Assessing and communicating information technology control elements to mitigate IT risks regarding the confidentiality, integrity and availability of business information.
• Analyze the results of audit testing/data analysis performed and communicate best practices, identify areas for improvement and provide effective recommendations and audit conclusions.
• Provide consultation, advice, and related services to add value and improve SCB Group's risk management, control, and compliance processes.
• Knowledge, Skills, and Competency Bachelor's or higher in Accounting, Finance, MIS, Data Science, Computer Science, Statistics, similar field, or equivalent practical experience.
• Good concept of internal control; able to recognize significant control issues and exposures in emerging situations.
• Strong understanding and experience of IT internal controls and risk-based auditing (COBIT).
• Good knowledge of IT risk management, security and control and a clear understanding of the relationship between technology and business risk.
• Experience of auditing web applications and services, network, operating system, and database security.
• Experience of using cybersecurity and industry frameworks and standards such as NIST CSF, ISO 27001/2, PCI DSS, COBIT, and ITIL.
• Experience with SQL or similar data querying language.
• Experience programming in Python code strongly preferred.
• Experience in visualization tools such as Power BI, Tableau, Qlik; Power BI preferred.
• Self-motivated with the ability to manage multi-task.
• Ability to work independently under limited supervision and complete assignments timely.
• Strong communication skills through data visualizations, written and oral presentations.
• Ability to work effectively in a team environment and across all organizational levels, where flexibility, collaboration, and adaptability are important.
• CIA, CPIAT, CISA preferred.
• We're committed to bringing passion and customer focus to the business. If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us.

Experience:

5 years required

Skills:

Compliance, Finance, Accounting

Job type:

Full-time

• Act as a trusted advisor to our clients as well as our engagement team to provide delivery leadership.
• Perform As-Is analysis of GRC maturity and provide robust recommendation for To-Be GRC stage by customizing with good practices for FSI industry or client industry.
• Develop / Assist and implement GRC strategies that align with the regulatory framework and business objectives of clients.
• Develop and deliver GRC policy, procedure, and training programs for clients on risk management, compliance, and governance best practices.
• Work closely with clients, business stakeholders, and technical teams to understand requirements, design solutions, and deliver successful implementations using GRC platforms.
• Conduct workshops and meetings with business stakeholders to understand their risk, compliance, business continuity management (BCM), Third Party Risk Management (TPRM) and Audit management needs.
• Translate business requirements into functional and technical specifications for GRC platform configuration.
• Assist in the design, configuration, and implementation of GRC solutions based on client requirements.
• Develop and customize GRC solutions, including workflow creation, dashboards, reporting features and integrations.
• Design powerful GRC insight dashboards for key stakeholders (e.g., top management, risk manager, risk owner, compliance team, internal audit team).
• Support User Acceptance Testing (UAT) and troubleshoot issues to ensure a smooth transition to production environments and system readiness.
• Provide ongoing support for GRC implementations, resolve issues, fine-tune systems to meet business and compliance needs, and monitor performance to recommend optimizations for continuous improvement.
• Create and deliver comprehensive documentation for system configurations, testing, user guides, and prepare regular reports on system performance, issues, and enhancements, ensuring the resource can effectively manage and deliver GRC project deliverables.
• Your role as a leader
• At Deloitte, we believe in the importance of empowering our people to be leaders at all levels. We connect our purpose and shared values to identify issues as well as to make an impact that matters to our clients, people and the communities. Additionally, Consultant, Senior Consultant and Manager across our Firm are expected to:Develop diverse, high-performing people and teams through new and meaningful development opportunities.
• Collaborate effectively to build productive relationships and networks.
• Understand and lead the execution of key objectives and priorities for internal as well as external stakeholders.
• Align your team to key objectives as well as set clear priorities and direction.
• Make informed decisions that positively impact the sustainable financial performance and enhance the quality of outcomes.
• Influence stakeholders, teams, and individuals positively - leading by example and providing equal opportunities for our people to grow, develop and succeed.
• Lead with integrity and make a strong positive impact by energising others, valuing individual differences, recognising contributions, and inspiring self-belief.
• Deliver superior value and high-quality results to stakeholders while driving high performance from people across Deloitte.
• Apply their understanding of disruptive trends and competitor activity to recommend changes, in line with leading practices.
• Qualifications:Bachelor s degree in finance, Accounting, Information Systems, Risk Management, or related field.
• GRC Platform certifications (e.g., Archer, ServiceNow, MetricStream, Bwise, IBM Open Pages) are highly preferred.
• Relevant certifications (e.g., CPA, CFA, GRCP, CRM, CRISC, CISA, CISM) are highly preferred.
• 5+ years of extensive experience in Risk Management & Compliance, BCM, Third-Party Risk Management and Audit Management within the banking or financial services industry.
• Hands-on experience in implementing, configuring, and managing GRC platforms.
• Fair understanding in banking products and overall banking processes.
• Strong understanding of global and local regulatory requirements such as Bank of Thailand (BOT), MAS, ISO 27001, Basel, COSO, IIA and related financial compliance frameworks.
• Experience in GRC consulting or professional firm or project management roles is highly preferred.
• Technical Skills:Hands on experience of GRC processes configuration and automation within GRC platforms, including but not limited to access control, workflow configuration, reporting, and dashboard creation.
• Hands-on experience integrating GRC platform with various systems (e.g., ERP, ITSM, SAP, Oracle, JIRA) using multiple integration methods, including REST/SOAP Web Services, API-based integrations, flat file transfers, and middleware solutions.
• In-depth knowledge of HTML, CSS, and XML, with experience in applying these technologies for system customization.
• Experience in installation, upgrading, and maintaining infrastructure for GRC platforms, ensuring optimal performance and system stability.
• Soft Skills:Excellent written and verbal communication skills with the ability to work effectively with both technical and non-technical stakeholders.
• Strong client-facing skills and ability to build and maintain client relationships.
• Excellent problem-solving capabilities, adaptability, and critical thinking, with an analytical mindset to solve complex issues and provide strategic recommendations in GRC roles.
• Highly organized with attention to detail and the ability to manage multiple projects simultaneously.
• Due to volume of applications, we regret only shortlisted candidates will be notified. Candidates will only be contacted by authorised Deloitte Recruiters via firm s business contact number or business email address.Requisition ID: 106944In Thailand, the services are provided by Deloitte Touche Tohmatsu Jaiyos Co., Ltd. and other related entities in Thailand ("Deloitte in Thailand"), which are affiliates of Deloitte Southeast Asia Ltd. Deloitte Southeast Asia Ltd is a member firm of Deloitte Touche Tohmatsu Limited. Deloitte in Thailand, which is within the Deloitte Network, is the entity that is providing this Website.

Skills:

Risk Management, Software Development, Kubernetes

Job type:

Full-time

• Design, develop, and maintain security systems, tools, and best practices across the stack (frontend, backend, mobile, and infrastructure).
• Identify, assess, and mitigate security vulnerabilities through proactive risk management and threat modeling.
• Collaborate with product managers and developers to embed security into the software development lifecycle (SDLC).
• Develop and enforce policies for secure coding, data protection, and incident response.
• Implement robust authentication and authorization mechanisms.
• Conduct regular security assessments, including penetration testing and code reviews.
• Monitor, detect, and respond to security incidents using advanced tools and methodologies.
• Enhance infrastructure security using Kubernetes, Docker, and cloud platforms (GCP, AWS).
• Stay current on emerging threats, vulnerabilities, and security trends, and recommend actionable insights to improve defenses.
• Champion security awareness across the organization, including training sessions and knowledge-sharing activities.
• Ensure compliance with relevant security standards and regulations such as ISO 27001, PDPA, GDPR, SOC 2, or PCI DSS.
• Basic QualificationsProven expertise in application security, cloud security, and infrastructure security.
• Proficiency in securing systems built with technologies such as Node.js, Golang, Elixir, Python, React, Svelte, or Flutter.
• Experience with tools like Docker, Kubernetes, and cloud services (GCP, AWS).
• Strong understanding of cryptographic principles and secure communication protocols.
• Familiarity with CI/CD pipelines and secure DevOps practices.
• Hands-on experience with security tools for vulnerability scanning, penetration testing, and threat detection.
• Deep understanding of database security, especially with PostgreSQL or other relational or non-relational databases.
• Strong analytical and problem-solving skills with a security-first mindset.
• Excellent communication skills and the ability to collaborate effectively in Agile teams.
• Self-motivation, adaptability, and a strong work ethic.
• Preferred Qualifications We re especially excited if you bring:Experience leading security initiatives or mentoring other engineers in security best practices.
• Expertise in compliance frameworks such as ISO 27001, PDPA, GDPR, SOC 2, or PCI DSS.
• Advanced knowledge of security monitoring and incident response systems.
• Strong system design skills with a focus on secure architectures and long-term trade-offs.
• A proven track record of securing fast-paced, high-growth tech environments.
• A passion for securing user-centric products and contributing to their success.
• Perks & Benefits Flat Structure As we continue to grow fast, we strive to retain our culture where everyone is heard, contributes, and grows with the company..
• Work-life Harmony We believe that quality time outside of work is important to sustaining a healthy and happy lifestyle.
• Remote Work Hybrid-mode activated! It comes with the package: flexibility, focus and productivity!.
• Urban Office One breath from Phrom Phong BTS. No sweat whatsoever! The office should also feel like a second home so we dedicated a lot of care and resources into building the best environment for you to wake up to every morning.
• Fun Workshop The best relationships are built over new experiences, that s why we have workshops filled with a range of activities for you to look forward to and enjoy.
• Game Tournament It s getting fun and competitive! Challenge doesn t only have to come from work. Own the championship and show the peeps how great of a gamer (and player) you are.
• Group Insurance Health comes first, we know, don t worry, we ve got you covered.
• Health & Wellness Only a healthy army wins the war. We invest to take care of you from physical, mental and happiness-level. Adopted health & wellness applications plus activities to make sure everyone here is on cloud nine

Experience:

1 year required

Skills:

Compliance, Risk Management, Project Management, English

Job type:

Full-time

• Project Delivery/Management: Support the delivery of data security projects focused on implementing tools such as Opentext, Securiti.AI, Fortanix, Guardium, OneTrust, Thales, Protegrity, and others across Southeast Asia.
• Client Collaboration: Work with clients to assess comprehensive data security risks and provide tailored recommendations for implementing capabilities including for data discovery, classification, encryption, anonymization, tokenization, certificate management, key management, safe data deletion, data loss prevention, Information Prot ...
• Subject Matter Expertise: Offer deep knowledge on security capabilities such as identity management, encryption, endpoint management, data loss prevention, email security, web and browser security, zero trust and key and certificate mgt. (e.g., Information and Data Protection, DLP, Insider Risk Management).
• Configuration and Deployment: Support the setup and deployment of data security solutions, ensuring seamless integration with client environments.
• Project Delivery: Ensure successful delivery of data security solutions across on-premise and cloud environment through strong project management and leadership.
• Client Relationships: Build and nurture positive working relationships with clients, aiming to exceed their expectations.
• Profitability Improvement: Identify opportunities to enhance engagement profitability through automation, creation of accelerators, and reuse of best practices.
• Your role as a leader At Deloitte, we believe in the importance of empowering our people to be leaders at all levels. We expect our people to embrace and live our purpose and shared values, challenging themselves everyday to identify issues that are most important to our clients, our people and the communities, and to make an impact that matters. In addition to living our purpose, Senior Consultants across our Firm are expected to:Understand objectives for stakeholders, clients and Deloitte whilst aligning own performance to objectives and sets personal priorities.
• Develop themselves by actively seeking opportunities for growth, shares knowledge and experiences with others, and acts as a strong brand ambassador.
• Seek opportunities to challenge themselves, collaborate with others to deliver and takes accountability for results.
• Build relationships and communicates effectively in order to positively influence peers and stakeholders.
• Work effectively in diverse teams within a highly inclusive team culture where everyone is supported, respected and recognized for their contribution.
• Requirements:Degree in cyber security, computer science, business IT or equivalent.
• 15+ years of experience in cybersecurity, with a focus in data security, particularly in developing, implementing, or architecting security solutions from one or more of the listed vendor solutions above.
• 5+ years of hands-on experience with tools across and such as: Identity(Active Directory), Data Security including encryption solutions for storage, databases, networks (Guardium, Opentext, Protegrity, Fortanix, Securiti.AI etc), tokenization (for structured data), digital rights management for unstructured data (MS IRM / Purview), data loss prevention (Symantec, MS, Trellix, Zscaler), data posture mgt. (BigID, Sentra, Wiz, Securiti.AI, IBM Guardium etc.) and should have hands on experience including configuration, deployment, and management.
• Familiarity with standards, frameworks and privacy laws such as ISO/IEC 27701, ISO/IEC 27001, GDPR, PDPA and DAMA International Data Management Body of Knowledge (DAMA-DMBOK) would be a plus.
• Excellent communication and presentation skills, with the ability to influence senior stakeholders and deliver compelling recommendations.
• Strong leadership and team management capabilities, with experience mentoring and developing consultants.
• Preferred CIPP, CIPM, CIPT, CISSP certification or related security certification.
• Able to speak Thai and English fluently.
• Due to volume of applications, we regret that only shortlisted candidates will be notified.
• Please note that Deloitte will never reach out to you directly via messaging platforms to offer you employment opportunities or request for money or your personal information. Kindly apply for roles that you are interested in via this official Deloitte website. Requisition ID: 109088In Thailand, the services are provided by Deloitte Touche Tohmatsu Jaiyos Co., Ltd. and other related entities in Thailand ("Deloitte in Thailand"), which are affiliates of Deloitte Southeast Asia Ltd. Deloitte Southeast Asia Ltd is a member firm of Deloitte Touche Tohmatsu Limited. Deloitte in Thailand, which is within the Deloitte Network, is the entity that is providing this Website.

Experience:

7 years required

Skills:

Compliance, Risk Management, Project Management, English

Job type:

Full-time

• Project Delivery/Management: Support the delivery of data security projects focused on implementing tools such as Opentext, Securiti.AI, Fortanix, Guardium, OneTrust, Thales, Protegrity, and others across Southeast Asia.
• Client Collaboration: Work with clients to assess comprehensive data security risks and provide tailored recommendations for implementing capabilities including for data discovery, classification, encryption, anonymization, tokenization, certificate management, key management, safe data deletion, data loss prevention, Information Prot ...
• Subject Matter Expertise: Offer deep knowledge on security capabilities such as identity management, encryption, endpoint management, data loss prevention, email security, web and browser security, zero trust and key and certificate mgt. (e.g., Information and Data Protection, DLP, Insider Risk Management).
• Configuration and Deployment: Support the setup and deployment of data security solutions, ensuring seamless integration with client environments.
• Project Delivery: Ensure successful delivery of data security solutions across on-premise and cloud environment through strong project management and leadership.
• Client Relationships: Build and nurture positive working relationships with clients, aiming to exceed their expectations.
• Profitability Improvement: Identify opportunities to enhance engagement profitability through automation, creation of accelerators, and reuse of best practices.
• Understand objectives for stakeholders, clients and Deloitte whilst aligning own performance to objectives and sets personal priorities.
• Develop themselves by actively seeking opportunities for growth, shares knowledge and experiences with others, and acts as a strong brand ambassador.
• Seek opportunities to challenge themselves, collaborate with others to deliver and takes accountability for results.
• Build relationships and communicates effectively in order to positively influence peers and stakeholders.
• Work effectively in diverse teams within a highly inclusive team culture where everyone is supported, respected and recognized for their contribution.
• Requirements:Degree in cyber security, computer science, business IT or equivalent.
• 7+ years of experience in cybersecurity, with a focus in data security, particularly in developing, implementing, or architecting security solutions from one or more of the listed vendor solutions above.
• 1+ years of hands-on experience with tools across and such as: Identity(Active Directory), Data Security including encryption solutions for storage, databases, networks (Guardium, Opentext, Protegrity, Fortanix, Securiti.AI etc), tokenization (for structured data), digital rights management for unstructured data (MS IRM / Purview), data loss prevention (Symantec, MS, Trellix, Zscaler), data posture mgt. (BigID, Sentra, Wiz, Securiti.AI, IBM Guardium etc.) and should have hands on experience including configuration, deployment, and management.
• Familiarity with standards, frameworks and privacy laws such as ISO/IEC 27701, ISO/IEC 27001, GDPR, PDPA and DAMA International Data Management Body of Knowledge (DAMA-DMBOK) would be a plus.
• Excellent communication and presentation skills, with the ability to influence senior stakeholders and deliver compelling recommendations.
• Strong leadership and team management capabilities, with experience mentoring and developing consultants.
• Preferred CIPP, CIPM, CIPT, CISSP certification or related security certification.
• Able to speak Thai and English fluently.
• Due to volume of applications, we regret that only shortlisted candidates will be notified.
• Please note that Deloitte will never reach out to you directly via messaging platforms to offer you employment opportunities or request for money or your personal information. Kindly apply for roles that you are interested in via this official Deloitte website. #LI-AA1Requisition ID: 107972In Thailand, the services are provided by Deloitte Touche Tohmatsu Jaiyos Co., Ltd. and other related entities in Thailand ("Deloitte in Thailand"), which are affiliates of Deloitte Southeast Asia Ltd. Deloitte Southeast Asia Ltd is a member firm of Deloitte Touche Tohmatsu Limited. Deloitte in Thailand, which is within the Deloitte Network, is the entity that is providing this Website.

Experience:

7 years required

Skills:

Compliance, Risk Management, Project Management, English

Job type:

Full-time

• Project Delivery/Management:Support the delivery of data security projects focused on implementing tools such as Opentext, Securiti.AI, Fortanix, Guardium, OneTrust, Thales, Protegrity, and others across Southeast Asia.
• Client Collaboration: Work with clients to assess comprehensive data security risks and provide tailored recommendations for implementing capabilities including for data discovery, classification, encryption, anonymization, tokenization, certificate management, key management, safe data deletion, data loss prevention, Information Prot ...
• Subject Matter Expertise:Offer deep knowledge on security capabilities such as identity management, encryption, endpoint management, data loss prevention, email security, web and browser security, zero trust and key and certificate mgt. (e.g., Information and Data Protection, DLP, Insider Risk Management).
• Configuration and Deployment: Support the setup and deployment of data security solutions, ensuring seamless integration with client environments.
• Project Delivery: Ensure successful delivery of data security solutions across on-premise and cloud environment through strong project management and leadership.
• Client Relationships: Build and nurture positive working relationships with clients, aiming to exceed their expectations.
• Profitability Improvement: Identify opportunities to enhance engagement profitability through automation, creation of accelerators, and reuse of best practices.
• Your role as a leader: At Deloitte, we believe in the importance of empowering our people to be leaders at all levels. We connect our purpose and shared values to identify issues as well as to make an impact that matters to our clients, people and the communities. Additionally, Senior Consultants across our Firm are expected to:Actively seek out developmental opportunities for growth, act as strong brand ambassadors for the firm as well as share their knowledge and experience with others.
• Respect the needs of their colleagues and build up cooperative relationships.
• Understand the goals of our internal and external stakeholder to set personal priorities as well as align their teams work to achieve the objectives.
• Constantly challenge themselves, collaborate with others to deliver on tasks and take accountability for the results.
• Build productive relationships and communicate effectively in order to positively influence teams and other stakeholders.
• Offer insights based on a solid understanding of what makes Deloitte successful.
• Project integrity and confidence while motivating others through team collaboration as well as recognising individual strengths, differences, and contributions.
• Understand disruptive trends and promote potential opportunities for improvement.
• Requirements: If you are someone with:Degree in cyber security, computer science, business IT or equivalent.
• 5+ years of experience in cybersecurity, with a focus in data security, particularly in developing, implementing, or architecting security solutions from one or more of the listed vendor solutions above.
• 1+ years of hands-on experience with tools across and such as: Identity(Active Directory), Data Security including encryption solutions for storage, databases, networks (Guardium, Opentext, Protegrity, Fortanix, Securiti.AI etc), tokenization (for structured data), digital rights management for unstructured data (MS IRM / Purview), data loss prevention (Symantec, MS, Trellix, Zscaler), data posture mgt. (BigID, Sentra, Wiz, Securiti.AI, IBM Guardium etc.) and should have hands on experience including configuration, deployment, and management.
• Familiarity with standards, frameworks and privacy laws such as ISO/IEC 27701, ISO/IEC 27001, GDPR, PDPA and DAMA International Data Management Body of Knowledge (DAMA-DMBOK) would be a plus.
• Excellent communication and presentation skills, with the ability to influence senior stakeholders and deliver compelling recommendations.
• Strong leadership and team management capabilities, with experience mentoring and developing consultants.
• Preferred CIPP, CIPM, CIPT, CISSP certification or related security certification.
• Able to speak Thai and English fluently.
• Due to volume of applications, we regret that only shortlisted candidates will be notified.
• Please note that Deloitte will never reach out to you directly via messaging platforms to offer you employment opportunities or request for money or your personal information. Kindly apply for roles that you are interested in via this official Deloitte website. Requisition ID: 108675In Thailand, the services are provided by Deloitte Touche Tohmatsu Jaiyos Co., Ltd. and other related entities in Thailand ("Deloitte in Thailand"), which are affiliates of Deloitte Southeast Asia Ltd. Deloitte Southeast Asia Ltd is a member firm of Deloitte Touche Tohmatsu Limited. Deloitte in Thailand, which is within the Deloitte Network, is the entity that is providing this Website.

Skills:

Microsoft Azure, Automation, Compliance, English

Job type:

Full-time

• Define policy and procedure for relevant cloud infrastructure, operations, and security.
• Define strategy and roadmap for relevant areas includes cloud infrastructure architecture, operations, and security.
• Collaborate with related parties and AEC subsidiaries to align key IT strategies and business strategies.
• Ensure cloud architecture aligns with defined policy/procedure and regulatory requirements.
• Provide consulting service to AEC subsidiaries for cloud infrastructure architecture in high level perspective.
• Conduct regular meetings with AEC subsidiaries for update and ensure implementation plan of in-scope areas meet timeline.
• Proactive work to minimize business impact.
• Work on new technology and initiatives to improve efficiency.
• Bachelor s degree or higher in Management Information System, Computer Science, Computer Engineering or related fields.
• At least 10 years in overall IT Infrastructure with minimum 3 years of experience working with AWS or Microsoft Azure.
• Have broad knowledge and background in IT Infrastructure including Cloud Infrastructure, Network, etc.
• Understanding of cloud architecture and deployment with automation tools (e.g., Terraform, Ansible).
• Familiarity with cloud governance frameworks and compliance standards (e.g., ISO 27001, PDPA).
• Good knowledge of ITIL process e.g., Change Management, Problem Management, Patch Management, etc.
• Experience with team management or working with regional team is a plus.
• Strong analytical skills, consulting mindset, and logical thinking.
• Strong interpersonal and negotiation skills.
• Demonstrates strong written and verbal communication skills in English.
• Able to travel internationally as required.
• Only shortlisted candidates will be contacted*
• Talent Acquisition Department
• Bank of Ayudhya Public Company Limited
• 1222 Rama III Rd., Bangpongpang, Yannawa, Bangkok 10120
• Contact: Talent Acquisition Center:.
• Applicants can read the Personal Data Protection Announcement of the Bank's Human Resources Function by typing the link from the image that stated below.
• EN: (https://krungsri.com/b/privacynoticeen).
• ผู้สมัครสามารถอ่านประกาศการคุ้มครองข้อมูลส่วนบุคคลส่วนงานทรัพยากรบุคคลของธนาคารได้โดยการพิมพ์ลิงค์จากรูปภาพที่ปรากฎด้านล่าง.
• ภาษาไทย: (https://krungsri.com/b/privacynoticeth).
• หมายเหตุ ธนาคารมีความจำเป็นและจะมีขั้นตอนการตรวจสอบข้อมูลส่วนบุคคลเกี่ยวกับประวัติอาชญากรรมของผู้สมัคร ก่อนที่ผู้สมัครจะได้รับการพิจารณาเข้าร่วมงานกับธนาคารกรุงศรีฯ.
• Remark: The bank needs to and will have a process for verifying personal information related to the criminal history of applicants before they are considered for employment with the bank.

Skills:

Assurance, Compliance, Risk Management

Job type:

Full-time

• Develop and implement security governance frameworks, policies, and standards.
• Conduct audits and risk assessments to ensure compliance with governance requirements.
• Monitor and report on security governance metrics and KPIs.
• Provide guidance on security governance best practices to internal stakeholders.
• Coordinate with external auditors and regulatory bodies as needed.
• Develop and deliver security governance training programs.
• Investigate and resolve governance-related issues and incidents.
• Assess and recommend security governance tools and technologies.
• Bachelor s degree in Information Technology, Cybersecurity, or a related field.
• Experience: 2-4 years in security governance, risk management, or compliance roles.
• Experience in developing and maintaining security policies and procedures.
• Ability to identify, report, and mitigate security risks.
• Familiarity with ISO 27001, ISO 27701, and SOC 2 frameworks.
• Experience in conducting governance awareness sessions.
• Strong communication, prioritization, and interpersonal abilities.
• Remark: Given the nature of the mentioned position, where employees are involved with customer data and asset values, and/or the company, to comply with legal and regulatory standards established by the Securities and Exchange Commission, as well as to align with laws and overseeing agencies, the company requires a criminal background check as part of the post-interview process before joining the company. Your criminal history information will be retained for a period of 6 months from the start date..
• Important: Candidate Privacy Policy.
• สำคัญ:โปรดอ่านและทำความเข้าใจ: นโยบายความเป็นส่วนตัวด้านทรัพยากรบุคคล สำหรับผู้สมัครงาน และผู้สมัครเข้าฝึกงาน*..
• Don't forget to 'Like' and 'Follow' our social media channels so you won't miss any news from us. Click.