Experience:
5 years required
Skills:
Compliance, Risk Management, ISO 27001
Job type:
Full-time
Salary:
negotiable
- Develop and implement IT governance frameworks, policies, and procedures that align with industry best practices, regulatory requirements, the company and technology team objectives.
- Design and implement controls and mitigation strategies to address identified risks and ensure compliance with relevant regulations and industry standards.
- Collaborate with key stakeholders to identify and document IT governance goals, objectives, and key performance indicators (KPIs) that align with the company and techno ...
- Collaborate with IT and business stakeholders to balance business agility and IT risk.
- Coordinate and participate in audits and assessments to evaluate the effectiveness of IT governance controls and ensure compliance with internal policies and external regulations.
- Monitor and report on the effectiveness of IT governance controls, identify areas for improvement, and recommend appropriate remediation actions.
- Regularly review existing policies and procedures to identify gaps and areas of improvement.
- Maintain a thorough understanding of emerging trends, technologies, and regulatory changes that could impact the company's IT operations and governance.
- Bachelor's degree in Computer Science/Engineering, Information Systems, or IT related field.
- At least 5 years of work experience and 2 years in IT governance, risk management, or IT audit.
- Strong knowledge of IT governance standards and frameworks such as COBIT, ITIL, ISO 27001, etc.
- Solid understanding of cyber security principles and data privacy regulations.
- Exceptional communication skills with the ability to present complex IT concepts to non-technical stakeholders.
- Analytical mindset with strong problem-solving skills and attention to detail.
- Proven project management and leadership skills.
- Familiarity with cloud technologies and their governance requirements.
- Experience in a startup or tech-oriented environment.
- If you are passionate about IT governance and want to make a significant impact in a dynamic startup environment, we would love to hear from you!
Experience:
5 years required
Skills:
Research, ISO 27001, Enthusiastic, English
Job type:
Full-time
Salary:
negotiable
- Collect and analyze threat intelligence reports covering new threats, vulnerabilities, products.
- Conduct technical and operational threat intelligence research, both independently and as part of a wider team.
- Identify emerging threats, techniques and trends, the means of protecting or defending against them, and articulate these in a range of report formats to relevant stakeholders.
- Conduct deep-level analysis of malware, including how it is developed, functions, and employed.
- Support the Consulting and Managed CTI teams, Vulnerability Management, Incident Response and CSOC team with up-to-date technical intelligence, detection logic and situational awareness on current and emerging threats.
- Support Cybersecurity Posture Management to guarantee that a good cybersecurity posture is consistently maintained at an acceptable level. Liaise with external audit, internal audit, financial crime and associated consultants, and the group firm.
- Assist technology security team leaders/others in responding to cybersecurity incidents that have an impact on cybersecurity posture, in order to guarantee quick reaction, tracking, and proper maintenance.
- Assist in R&D and innovation on cybersecurity technology and approaches for continuous cybersecurity uplift.
- Qualifications: Bachelor's or Master's degree in Computer Science, Computer Engineering, Information Technology, or related field.
- At least 5 years of experience in Information Security or a related field.
- Knowledge of security technology e.g. WAF, SIEM, EDR, IAM, CSOC and Vulnerability Management.
- Experience in cloud cybersecurity technologies and services.
- Exposure to malware reverse engineering, network intrusion analysis, host intrusion analysis, log analysis, vulnerability research or digital forensics is preferred.
- Strong understanding of industry best practices and standards, including ISO 27001, NIST, and CIS is preferred.
- Relevant certifications such as CISSP, CISM, or CISA are a plus.
- Excellent communication and problem-analytical skills, with the ability to communicate complex security issues to non-technical stakeholders.
- Effective English for verbal, written communication.
- Enthusiastic, thriving, good interpersonal skills.
- We're committed to bringing passion and customer focus to the business. If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us.
Experience:
5 years required
Skills:
Compliance, ISO 27001, Legal
Job type:
Full-time
Salary:
negotiable
- Design and implement a cybersecurity strategy that aligns with the organization's overall business objectives.
- Conduct regular security risk assessments, vulnerability assessments, and penetration testing to evaluate the organization's cyber defenses; subsequently, develop and implement security risk mitigation strategies and programs.
- Lead and coordinate response efforts in the event of security incidents, overseeing investigation, mitigation, and post-incident analysis.
- Compliance & Regulatory Management.
- Ensure adherence to relevant laws, regulations, and standards (e.g., PDPA).
- Implement and lead initiatives for security and compliance audit certifications, including ISO 27001, NIST, the Cyber Resilience Assessment Framework (C-RAF), and other applicable standards and best practices.
- Recommend, implement, and manage continuous monitoring of IT security systems and tools.
- Collaborate with legal and data protection teams to establish policies and safeguards for sensitive and personal data.
- IT Governance.
- Establish and maintain an IT governance framework, policies, and processes that align with the organization's business goals while ensuring compliance with legal, regulatory, corporate, and industry requirements.
- Work in partnership with management, legal, finance, and external auditors to promote transparency and alignment in governance practices.
- Generate and present reports on IT governance performance, compliance status, and the risk landscape to stakeholders.
- Data Governance.
- Develop and implement data governance policies that ensure data quality, security, and compliance.
- Manage the data lifecycle, align data strategies with business objectives, and collaborate with cross-functional teams to enhance data integrity.
- Oversee data stewardship, regulatory compliance, and provide best practices for data management to support effective decision-making.
- Team Leadership and Development.
- Lead and mentor a small team of IT governance, compliance, and security professionals.
- Foster a culture of continuous improvement and knowledge sharing within the team and across business units.
- Bachelor's or Master's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
- A minimum of 5 years of experience in IT governance, cybersecurity, and compliance, with at least 2 years in a managerial role.
- Strong understanding of IT governance frameworks (e.g., ITIL, COBIT), cybersecurity standards (e.g., ISO 27001, NIST), and regulatory requirements (e.g., PDPA).
- Possession of basic IT governance and cybersecurity certifications (e.g., CISSP, CISM) is advantageous.
- Proficient in common technical team/project management tools (e.g., JIRA, Asana, Github). Collaborative team player with strong interpersonal skills, capable of working effectively with both internal and external teams.
- Working-level fluency in English and Thai. Proficient in English equivalent to IELTS 5.5, CEFR B2, or TOEFL 72; excellent spoken and written communication to effectively work with a global management team.
- Familiarity with local regulatory bodies (e.g., OIC, SEC, BOT) is a plus.
- Experience in the insurance industry will be an added advantage.
Experience:
2 years required
Skills:
Public Relations, Legal, Computer Security, English
Job type:
Full-time
Salary:
negotiable
- Executes cybersecurity engineer tasks including, but not limited to, security patch management, security vulnerability management, and security configuration management.
- Tests, implements, deploys, maintains, reviews, and administers the cybersecurity tools.
- Assist in identifying, prioritizing, and coordinating the protection of critical cyber defense infrastructure and key resources.
- Coordinate with Cyber Defense Analysts to manage and administer the updating of rules and signatures (e.g., intrusion detection/protection systems, antivirus, and content blacklists) for specialized cyber defense applications.
- Identify potential conflicts with the implementation of any cyber defense tools (e.g., tool and signature testing and optimization).
- Operates and maintains production information security systems.
- Ensures proper cybersecurity documentation is in place regarding standard operating procedures.
- Monitors the industry and external environment for emerging threats and advises relevant stakeholders on appropriate courses of action.
- Oversees incident response planning and the investigation of security breaches and assists with any associated disciplinary, public relations, and legal matters.
- Applies expert knowledge and skills to resolve problems, including support concepts and methods, problem isolation and troubleshooting procedures, system and file recovery processes, and operating system and network configurations.
- Prepares and presents cogent and cohesive analyses and briefings advising management on new technological developments, techniques, and enhancements that result in increased time and cost efficiencies.
- Provides advice and assistance to troubleshoot the most complex problems in a manner that minimizes interruptions in the ability to carry out critical business activities.
- Supports rapid response teams in response to customer service problems resulting from catastrophic events such as virus infections or widespread power outages.
- Supports the development of a formal cyber security risk assessment program.
- Supports and assists in maintaining a vulnerability/gap/response assessment program.
- Supports the ongoing maintenance of the cyber-Kill Chain for the company, focusing on phases of cyber-attack and remediation/mitigation for each phase.
- Supports ongoing activities to develop, communicate, and support appropriate standards and risk controls associated with digital data.
- Supports the development and maintenance of a company Data Protection program.
- Responds to cybersecurity alerts.
- Cascade and leverage cybersecurity control and practice to the entire company group.
- Bachelor's or Master's degree in Computer Engineering, MIS, IT, or a related field.
- At least 2 years' experience in computer security and 5 years in IT infrastructure.
- Have a foundation in good information security practices.
- Knowledge of International Security frameworks, Standards, and Guidelines, e.g., COBIT, NIST-800, ISO 27001, PCI-DSS, OWASP, etc.
- Experience in Security tools, e.g., EDR, ATP, WAF, IPS/IDS, Deception, TI/TIP, Anti DDoS.
- Experience in Cloud Environments, e.g., Google Cloud, AWS, Microsoft Azure.
- Experience with system and application security management and control.
- Experience with system, network, and OS hardening techniques. (e.g., remove unnecessary services, password policies, network segmentation, enable logging, least privilege, etc.).
- Experience with facilitating information security risk assessments.
- Technical writing, documentation development, process mapping, and visual communication skills.
- Hands-on experience with computer programming languages and/or scripting languages such as Python, Java, and Shell for automation.
- Professional certificates related to work (e.g., CISSP, CISM, AWS Certified Security, or similar general security certification) are desirable.
- Talent to identify and create a broad vision for a security solution and to execute it.
- Systems Thinking - the ability to see how parts interact with the whole (big picture thinking).
- Proven experience of acting as an expert in project teams.
- A positive, can-do attitude who naturally expresses a high degree of empathy to others.
- Ability to explain your thoughts or findings also to non-technical professionals.
- Strong problem-solving and analytical abilities. Able to work under minimal supervision; detail oriented.
- Excellent English (Spoken and Written).
- Location: True Digital Park, Punnawithi.
Skills:
Data Analysis, Risk Management, Compliance
Job type:
Full-time
Salary:
negotiable
- Perform audit work in accordance with internal audit policy and professional standards, and complete assignments in an efficient manner.
- Perform the planning, fieldwork, and reporting phases of the audit process by providing input during the audit process for determining scope, objectives, testing procedures, and audit recommendations.
- Use data analysis tools (queries/program/visualize) to automate audit testing and develop techniques for continuous auditing.
- Assessing and communicating information technology control elements to mitigate IT risks regarding the confidentiality, integrity and availability of business information.
- Analyze the results of audit testing/data analysis performed and communicate best practices, identify areas for improvement and provide effective recommendations and audit conclusions.
- Provide consultation, advice, and related services to add value and improve SCB Group's risk management, control, and compliance processes.
- Knowledge, Skills, and Competency: Bachelor's or higher in Accounting, Finance, MIS, Data Science, Computer Science, Statistics, similar field, or equivalent practical experience.
- Good concept of internal control; able to recognize significant control issues and exposures in emerging situations.
- Strong understanding and experience of IT internal controls and risk-based auditing (COBIT).
- Good knowledge of IT risk management, security and control and a clear understanding of the relationship between technology and business risk.
- Experience of auditing web applications and services, network, operating system, and database security.
- Experience of using cybersecurity and industry frameworks and standards such as NIST CSF, ISO 27001/2, PCI DSS, COBIT, and ITIL.
- Experience with SQL or similar data querying language.
- Experience programming in Python code strongly preferred.
- Experience in visualization tools such as Power BI, Tableau, Qlik; Power BI preferred.
- Self-motivated with the ability to manage multiple tasks.
- Ability to work independently under limited supervision and complete assignments timely.
- Strong communication skills through data visualizations, written and oral presentations.
- Ability to work effectively in a team environment and across all organizational levels, where flexibility, collaboration, and adaptability are important.
- CIA, CPIAT, CISA preferred.
- We're committed to bringing passion and customer focus to the business. If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us.
Skills:
Risk Management, Software Development, Kubernetes
Job type:
Full-time
Salary:
negotiable
- Design, develop, and maintain security systems, tools, and best practices across the stack (frontend, backend, mobile, and infrastructure).
- Identify, assess, and mitigate security vulnerabilities through proactive risk management and threat modeling.
- Collaborate with product managers and developers to embed security into the software development lifecycle (SDLC).
- Develop and enforce policies for secure coding, data protection, and incident response.
- Implement robust authentication and authorization mechanisms.
- Conduct regular security assessments, including penetration testing and code reviews.
- Monitor, detect, and respond to security incidents using advanced tools and methodologies.
- Enhance infrastructure security using Kubernetes, Docker, and cloud platforms (GCP, AWS).
- Stay current on emerging threats, vulnerabilities, and security trends, and recommend actionable insights to improve defenses.
- Champion security awareness across the organization, including training sessions and knowledge-sharing activities.
- Ensure compliance with relevant security standards and regulations such as ISO 27001, PDPA, GDPR, SOC 2, or PCI DSS.
- Basic Qualifications: Proven expertise in application security, cloud security, and infrastructure security.
- Proficiency in securing systems built with technologies such as Node.js, Golang, Elixir, Python, React, Svelte, or Flutter.
- Experience with tools like Docker, Kubernetes, and cloud services (GCP, AWS).
- Strong understanding of cryptographic principles and secure communication protocols.
- Familiarity with CI/CD pipelines and secure DevOps practices.
- Hands-on experience with security tools for vulnerability scanning, penetration testing, and threat detection.
- Deep understanding of database security, especially with PostgreSQL or other relational or non-relational databases.
- Strong analytical and problem-solving skills with a security-first mindset.
- Excellent communication skills and the ability to collaborate effectively in Agile teams.
- Self-motivation, adaptability, and a strong work ethic.
- Preferred Qualifications: We're especially excited if you bring: Experience leading security initiatives or mentoring other engineers in security best practices.
- Expertise in compliance frameworks such as ISO 27001, PDPA, GDPR, SOC 2, or PCI DSS.
- Advanced knowledge of security monitoring and incident response systems.
- Strong system design skills with a focus on secure architectures and long-term trade-offs.
- A proven track record of securing fast-paced, high-growth tech environments.
- A passion for securing user-centric products and contributing to their success.
- Perks & Benefits: Flat Structure: As we continue to grow fast, we strive to retain our culture where everyone is heard, contributes, and grows with the company.
- Work-life Harmony: We believe that quality time outside of work is important to sustaining a healthy and happy lifestyle.
- Remote Work: Hybrid-mode activated! It comes with the package: flexibility, focus and productivity!
- Urban Office: One breath from Phrom Phong BTS. No sweat whatsoever! The office should also feel like a second home so we dedicated a lot of care and resources into building the best environment for you to wake up to every morning.
- Fun Workshop: The best relationships are built over new experiences, that's why we have workshops filled with a range of activities for you to look forward to and enjoy.
- Game Tournament: It's getting fun and competitive! Challenge doesn't only have to come from work. Own the championship and show the peeps how great of a gamer (and player) you are.
- Group Insurance: Health comes first, we know, don't worry, we've got you covered.
- Health & Wellness: Only a healthy army wins the war. We invest to take care of you from physical, mental and happiness-level. Adopted health & wellness applications plus activities to make sure everyone here is on cloud nine.
Experience:
5 years required
Skills:
Compliance, Finance, Accounting
Job type:
Full-time
Salary:
negotiable
- Act as a trusted advisor to our clients as well as our engagement team to provide delivery leadership.
- Perform As-Is analysis of GRC maturity and provide robust recommendation for To-Be GRC stage by customizing with good practices for FSI industry or client industry.
- Develop / Assist and implement GRC strategies that align with the regulatory framework and business objectives of clients.
- Develop and deliver GRC policy, procedure, and training programs for clients on risk management, compliance, and governance best practices.
- Work closely with clients, business stakeholders, and technical teams to understand requirements, design solutions, and deliver successful implementations using GRC platforms.
- Conduct workshops and meetings with business stakeholders to understand their risk, compliance, business continuity management (BCM), Third Party Risk Management (TPRM) and Audit management needs.
- Translate business requirements into functional and technical specifications for GRC platform configuration.
- Assist in the design, configuration, and implementation of GRC solutions based on client requirements.
- Develop and customize GRC solutions, including workflow creation, dashboards, reporting features and integrations.
- Design powerful GRC insight dashboards for key stakeholders (e.g., top management, risk manager, risk owner, compliance team, internal audit team).
- Support User Acceptance Testing (UAT) and troubleshoot issues to ensure a smooth transition to production environments and system readiness.
- Provide ongoing support for GRC implementations, resolve issues, fine-tune systems to meet business and compliance needs, and monitor performance to recommend optimizations for continuous improvement.
- Create and deliver comprehensive documentation for system configurations, testing, user guides, and prepare regular reports on system performance, issues, and enhancements, ensuring the resource can effectively manage and deliver GRC project deliverables.
- Your role as a leader
- At Deloitte, we believe in the importance of empowering our people to be leaders at all levels. We connect our purpose and shared values to identify issues as well as to make an impact that matters to our clients, people and the communities. Additionally, Consultant, Senior Consultant and Manager across our Firm are expected to: Develop diverse, high-performing people and teams through new and meaningful development opportunities.
- Collaborate effectively to build productive relationships and networks.
- Understand and lead the execution of key objectives and priorities for internal as well as external stakeholders.
- Align your team to key objectives as well as set clear priorities and direction.
- Make informed decisions that positively impact the sustainable financial performance and enhance the quality of outcomes.
- Influence stakeholders, teams, and individuals positively - leading by example and providing equal opportunities for our people to grow, develop and succeed.
- Lead with integrity and make a strong positive impact by energising others, valuing individual differences, recognising contributions, and inspiring self-belief.
- Deliver superior value and high-quality results to stakeholders while driving high performance from people across Deloitte.
- Apply their understanding of disruptive trends and competitor activity to recommend changes, in line with leading practices.
- Qualifications: Bachelor's degree in Finance, Accounting, Information Systems, Risk Management, or related field.
- GRC Platform certifications (e.g., Archer, ServiceNow, MetricStream, Bwise, IBM Open Pages) are highly preferred.
- Relevant certifications (e.g., CPA, CFA, GRCP, CRM, CRISC, CISA, CISM) are highly preferred.
- 5+ years of extensive experience in Risk Management & Compliance, BCM, Third-Party Risk Management and Audit Management within the banking or financial services industry.
- Hands-on experience in implementing, configuring, and managing GRC platforms.
- Fair understanding in banking products and overall banking processes.
- Strong understanding of global and local regulatory requirements such as Bank of Thailand (BOT), MAS, ISO 27001, Basel, COSO, IIA and related financial compliance frameworks.
- Experience in GRC consulting or professional firm or project management roles is highly preferred.
- Technical Skills: Hands-on experience of GRC processes configuration and automation within GRC platforms, including but not limited to access control, workflow configuration, reporting, and dashboard creation.
- Hands-on experience integrating GRC platform with various systems (e.g., ERP, ITSM, SAP, Oracle, JIRA) using multiple integration methods, including REST/SOAP Web Services, API-based integrations, flat file transfers, and middleware solutions.
- In-depth knowledge of HTML, CSS, and XML, with experience in applying these technologies for system customization.
- Experience in installation, upgrading, and maintaining infrastructure for GRC platforms, ensuring optimal performance and system stability.
- Soft Skills: Excellent written and verbal communication skills with the ability to work effectively with both technical and non-technical stakeholders.
- Strong client-facing skills and ability to build and maintain client relationships.
- Excellent problem-solving capabilities, adaptability, and critical thinking, with an analytical mindset to solve complex issues and provide strategic recommendations in GRC roles.
- Highly organized with attention to detail and the ability to manage multiple projects simultaneously.
- Due to volume of applications, we regret only shortlisted candidates will be notified. Candidates will only be contacted by authorised Deloitte Recruiters via firm's business contact number or business email address. Requisition ID: 106944. In Thailand, the services are provided by Deloitte Touche Tohmatsu Jaiyos Co., Ltd. and other related entities in Thailand ("Deloitte in Thailand"), which are affiliates of Deloitte Southeast Asia Ltd. Deloitte Southeast Asia Ltd is a member firm of Deloitte Touche Tohmatsu Limited. Deloitte in Thailand, which is within the Deloitte Network, is the entity that is providing this Website.
Experience:
7 years required
Skills:
Compliance, Risk Management, Project Management, English
Job type:
Full-time
Salary:
negotiable
- Project Delivery/Management: Support the delivery of data security projects focused on implementing tools such as Opentext, Securiti.AI, Fortanix, Guardium, OneTrust, Thales, Protegrity, and others across Southeast Asia.
- Client Collaboration: Work with clients to assess comprehensive data security risks and provide tailored recommendations for implementing capabilities including for data discovery, classification, encryption, anonymization, tokenization, certificate management, key management, safe data deletion, data loss prevention, Information Prot ...
- Subject Matter Expertise: Offer deep knowledge on security capabilities such as identity management, encryption, endpoint management, data loss prevention, email security, web and browser security, zero trust and key and certificate mgt. (e.g., Information and Data Protection, DLP, Insider Risk Management).
- Configuration and Deployment: Support the setup and deployment of data security solutions, ensuring seamless integration with client environments.
- Project Delivery: Ensure successful delivery of data security solutions across on-premise and cloud environment through strong project management and leadership.
- Client Relationships: Build and nurture positive working relationships with clients, aiming to exceed their expectations.
- Profitability Improvement: Identify opportunities to enhance engagement profitability through automation, creation of accelerators, and reuse of best practices.
- Your role as a leader.
- At Deloitte, we believe in the importance of empowering our people to be leaders at all levels. We connect our purpose and shared values to identify issues as well as to make an impact that matters to our clients, people and the communities. Additionally, Managers across our Firm are expected to: Develop diverse, high-performing people and teams through new and meaningful development opportunities.
- Collaborate effectively to build productive relationships and networks.
- Understand and lead the execution of key objectives and priorities for internal as well as external stakeholders.
- Influence stakeholders, teams, and individuals positively - leading by example and providing equal opportunities for our people to grow, develop and succeed.
- Deliver superior value and high-quality results to stakeholders while driving high performance from people across Deloitte.
- Apply their understanding of disruptive trends and competitor activity to recommend changes, in line with leading practices.
- Requirements: Degree in cyber security, computer science, business IT or equivalent.
- 7+ years of experience in cybersecurity, with a focus in data security, particularly in developing, implementing, or architecting security solutions from one or more of the listed vendor solutions above.
- 1+ years of hands-on experience with tools such as: Identity (Active Directory), Data Security including encryption solutions for storage, databases, networks (Guardium, Opentext, Protegrity, Fortanix, Securiti.AI, etc.), tokenization (for structured data), digital rights management for unstructured data (MS IRM / Purview), data loss prevention (Symantec, MS, Trellix, Zscaler), data posture mgt. (BigID, Sentra, Wiz, Securiti.AI, IBM Guardium, etc.), including configuration, deployment, and management.
- Familiarity with standards, frameworks and privacy laws such as ISO/IEC 27701, ISO/IEC 27001, GDPR, PDPA and DAMA International Data Management Body of Knowledge (DAMA-DMBOK) would be a plus.
- Excellent communication and presentation skills, with the ability to influence senior stakeholders and deliver compelling recommendations.
- Strong leadership and team management capabilities, with experience mentoring and developing consultants.
- Preferred CIPP, CIPM, CIPT, CISSP certification or related security certification.
- Able to speak Thai and English fluently.
- Due to volume of applications, we regret that only shortlisted candidates will be notified.
- Please note that Deloitte will never reach out to you directly via messaging platforms to offer you employment opportunities or request for money or your personal information. Kindly apply for roles that you are interested in via this official Deloitte website. #LI-AA1 Requisition ID: 107972. In Thailand, the services are provided by Deloitte Touche Tohmatsu Jaiyos Co., Ltd. and other related entities in Thailand ("Deloitte in Thailand"), which are affiliates of Deloitte Southeast Asia Ltd. Deloitte Southeast Asia Ltd is a member firm of Deloitte Touche Tohmatsu Limited. Deloitte in Thailand, which is within the Deloitte Network, is the entity that is providing this Website.
Experience:
2 years required
Skills:
Legal, Research, Corporate Law, English
Job type:
Full-time
Salary:
negotiable
- Conducting Assurance Reviews: Perform thorough assurance reviews on projects and topics to enhance risk management practices.
- Regulatory Monitoring: Stay vigilant about new regulatory requirements and changes, proposing necessary adjustments to current risk reviews to ensure management receives accurate assurance.
- Risk Management Advisory: Provide expert advice to IT operations on risk management and contribute to the development of remediation plans for any identified control de ...
- Collaboration with BIRMs/Business Focals: Work closely with Business Information Risk Managers (BIRMs) and business focal points to identify, assess, and review risks.
- ESSA Initiatives: Lead ESSA (Enterprise Security and Systems Assurance) initiatives related to assurance services, ensuring regular and accurate reporting.
- Oversight of Tools and Reports: Oversee the accuracy and relevance of tools and reports used by the team and stakeholders, making updates based on evolving business needs.
- Adherence to Assurance Plan: Ensure strict adherence to the approved assurance plan and provide detailed reporting on its execution.
- What you'll be doing.
- This role demands a high level of expertise in IT security and risk management, with a focus on proactive risk management and continuous improvement.
- Provide comprehensive assurance to the organization regarding IT risks.
- Continuously monitor new regulatory requirements and develop a robust assurance plan for the organization.
- Define and establish criteria for assessing information risks.
- Support the ITGC Testing Lead, especially during peak periods, to ensure seamless operations.
- Collaborate with cross-functional teams to enhance the overall risk management framework.
- Communicate effectively with stakeholders to ensure understanding and alignment with assurance processes and risk management strategies.
- Stay updated with industry best practices and integrate them into the organization's assurance strategies.
- Leadership and Influence: You'll be in a pivotal position to shape the organization's approach to IT risk management, providing assurance and influencing key decisions.
- Broad Scope: Beyond IT General Controls (ITGCs), you'll have the chance to identify and mitigate risks in various areas, broadening your expertise and impact.
- Regulatory Insight: By continuously monitoring new regulatory requirements, you'll stay at the forefront of industry standards and help the organization remain compliant and competitive.
- Strategic Development: You'll define and establish criteria for assessing information risks, contributing to the strategic development of the organization's risk management framework.
- Collaboration: Working with cross-functional teams will enhance your collaborative skills and allow you to contribute to a comprehensive risk management strategy.
- Support and Mentorship: Supporting the ITGC Testing Lead, especially during peak periods, will provide opportunities for mentorship and leadership within the team.
- Overall, this role offers a dynamic and impactful career path in Information Risk Management, with opportunities to lead, innovate, and collaborate across the organization.
- As the energy industry transitions to cleaner forms of energy, Shell is actively leveraging technology across its business. This exposes us to risk in Information security and regulatory requirements that come along with it.
- Snr. IDT Assurance Advisor plays a vital role in ensuring compliance with IRM policies and standards.
- This role involves delivering Assurance services and driving improvement projects, and developing assurance capabilities.
- Effective collaboration with stakeholders, managing impact from Shell-wide projects, and staying informed about internal policies and external risks are key challenges.
- What you bring
- 8+ years' experience in IT audits, ITGC testing, or conducting risk assessments/reviews.
- Monitoring regulatory changes, assessing organizational readiness, and providing assurance to management.
- Academic Background: Bachelor's Degree in Technology is required; a postgraduate degree is highly desirable.
- Certifications: Preferred certifications include those in IT security and Risk Management.
- Comprehensive knowledge of information risk management and related processes.
- General knowledge of IT security standards (e.g., ISO 27001, COBIT).
- Certifications: ISO 27001, CISA, CRISC.
- Familiarity with widely used applications (e.g., SAP, Power Platform, Cloud).
- Continuous improvement mindset and project management experience.
- Proactive problem-solving: Identify upcoming challenges and propose solutions.
- Learner Mindset: Professional curiosity and eagerness to learn.
- Highly motivated team player: Volunteer support and collaborate effectively.
- Prioritization skills: Handle multiple tasks simultaneously.
- Interpersonal skills: Communicate clearly and build relationships across stakeholders.
- Mid-Shift: Working hours will be IST 12 noon to 9 pm. Shift allowance will be eligible per organization policy.
- What we offer.
- You bring your skills and experience to Shell and in return you work with talented, committed people on one of the most important challenges facing our planet. You'll have the opportunity to develop the skills you need to grow in an environment where we value honesty, integrity, and respect for one another. You'll be able to balance your priorities as you become the best version of yourself.
- Progress as a person as we work on the energy transition together.
- Continuously grow the transferable skills you need to get ahead.
- Work at the forefront of technology, trends, and practices.
- Collaborate with experienced colleagues with unique expertise.
- Achieve your balance in a values-led culture that encourages you to be the best version of yourself.
- Benefit from flexible working hours, and the possibility of remote/mobile working.
- Perform at your best with a competitive starting salary and annual performance related salary increase - our pay and benefits packages are considered to be among the best in the world.
- Take advantage of paid parental leave, including for non-birthing parents.
- Join an organisation working to become one of the most diverse and inclusive in the world. We strongly encourage applicants of all genders, ages, ethnicities, cultures, abilities, sexual orientation, and life experiences to apply.
- Grow as you progress through diverse career opportunities in national and international teams.
- Gain access to a wide range of training and development programmes.
- We'd like you to know that Shell has a bold goal: to become one of the world's most diverse and inclusive companies. You can get to know more about how we're working towards that goal, click here.
Skills:
Compliance, Automation, Risk Management
Job type:
Full-time
Salary:
negotiable
- Lead and enhance security operations, mentoring team members and implementing advanced security strategies.
- Architect and enforce security frameworks for IT systems, networks, and cloud environments.
- Monitor, detect, and respond to cyber threats, conducting forensic investigations and post-incident analysis.
- Oversee vulnerability management, system hardening, and security compliance.
- Manage identity and access controls, privileged accounts, and authentication mechanisms.
- Drive security automation, process improvements, and adoption of emerging technologies.
- Conduct security awareness training and ensure best practices across the organization.
- Minimum 5+ years of experience in security operations, with a strong focus on incident response, vulnerability management, and risk assessment.
- Proven experience leading incident response efforts and conducting root cause investigations.
- Experience with vulnerability management, and overseeing the security pipeline.
- Experience with security standardization and IT compliance certification and audit.
- Experience with risk management frameworks and methodologies.
- Expert knowledge of security tools, including SIEM, EDR, vulnerability scanners, and penetration testing tools.
- Strong understanding of network protocols, cloud operating systems, and security concepts.
- Strong understanding of security frameworks such as NIST, ISO 27001, and MITRE ATT&CK.
- Proficiency in scripting languages (e.g., Python, PowerShell) for automation and analysis is a plus.
- Exceptional analytical and problem-solving skills.
- Strong communication and interpersonal skills.
- Ability to work independently and as part of a team.
- Strong attention to detail and a commitment to accuracy.
- Strong documentation and reporting skills.
- Ability to effectively communicate technical risks to non-technical stakeholders.
- Understanding of the 3 lines of defense model is a significant advantage.
- Remark: Given the nature of the mentioned position, where employees are involved with customer data and asset values, and/or the company, to comply with legal and regulatory standards established by the Securities and Exchange Commission, as well as to align with laws and overseeing agencies, the company requires a criminal background check as part of the post-interview process before joining the company. Your criminal history information will be retained for a period of 6 months from the start date.
- Important: Candidate Privacy Policy.