ROLE & RESPONSIBILITY

• Develop data security policy review, data security policy exceptions, and control risk mitigation processes
• Define the security controls for access management lifecycle (i.e., requirement for creation, deletion, transfer and review)

• Advice on technology relating to Data Privacy and Protection (i.e., PDPA) related security controls implementation
• Drive and support data security controls such as Data Loss Prevention (DLP), Data Masking, Data Encryption capabilities to protect sensitive data
• Drive compliance (or collaborate with compliance team) to organization security policies, standards, metrics, and legal requirements
• Communicate and enforce security policies, rules, and standards
• Conduct impact assessment of data initiatives from a security point of view
• Ensure the cryptographic keys and related components are safety and protection of confidential information
• Resolve data security audit and risk findings
• Review and develop security controls to current access controls policies and procedures
• Provide requirements for create and manage roles, access rights (includes privileged access), authentication and identity within the environment
• Conduct periodic review of user access
• Review, approve and monitor the usage of privileged access

EDUCATION

• Bachelor’s degree in computer science, Information Systems, or equivalent education or work experience

EXPERIENCE

• Work experience in privacy, compliance, information security, auditing or a related field may also be an accepted alternative, according to Cybersecurity.
• Minimum 3 years of experience in and strong knowledge of privacy, data, operational risk management, information security, or related areas in IT

OTHER REQUIREMENTS