เงื่อนไขการค้นหา

ประสบการณ์:

3 ปีขึ้นไป

ทักษะ:

Business Development, Risk Management, ISO 27001

ประเภทงาน:

งานประจำ

• Assess existing cybersecurity frameworks, identify gaps, and provide actionable recommendations for improvement.
• Develop tailored cybersecurity strategies that align with the client s business goals, regulatory requirements, and risk profile.
• Conduct cybersecurity risk assessments and develop mitigation plans to address potential security threats.
• Ensure client strategies comply with relevant cybersecurity regulations, standards (e.g., NIST, ISO), and industry best practices.
• Manage cybersecurity projects from inception through completion, ensuring timely delivery and client satisfaction.
• Build and maintain strong relationships with clients, serving as a trusted advisor on cybersecurity matters.
• Lead and mentor a team of cybersecurity consultants, fostering a culture of collaboration and continuous improvement.
• Support business development activities by identifying new opportunities and contributing to proposal development.
• Your role as a leader.
• At Deloitte, we believe in the importance of empowering our people to be leaders at all levels. We connect our purpose and shared values to identify issues as well as to make an impact that matters to our clients, people and the communities. Additionally, Assistant Managers across our Firm are expected toDevelop diverse, high-performing people and teams through new and meaningful development opportunities.
• Collaborate effectively to build productive relationships and networks.
• Understand and lead the execution of key objectives and priorities for internal as well as external stakeholders.
• Influence stakeholders, teams, and individuals positively - leading by example and providing equal opportunities for our people to grow, develop and succeed.
• Deliver superior value and high-quality results to stakeholders while driving high performance from people across Deloitte.
• Apply their understanding of disruptive trends and competitor activity to recommend changes, in line with leading practices.
• Enough about us, let's talk about you.Degree in cyber security, computer science, business IT or equivalent.
• Excellent communication and presentation skills, with the ability to influence senior stakeholders and deliver compelling recommendations.
• Strong leadership and team management capabilities, with experience mentoring and developing consultants.
• 3+ years of experience in cybersecurity, with a focus on strategy development, security governance, and risk management.
• Strong understanding of cybersecurity frameworks, regulatory requirements, and industry standards (e.g., NIST, ISO 27001, MITRE).
• Preferred CISA, CISM, CISSP certification or related security certification.
• Due to volume of applications, we regret that only shortlisted candidates will be notified. Please note that Deloitte will never reach out to you directly via messaging platforms to offer you employment opportunities or request for money or your personal information.
• LI-AA1 Requisition ID: 106366In Thailand, the services are provided by Deloitte Touche Tohmatsu Jaiyos Co., Ltd. and other related entities in Thailand ("Deloitte in Thailand"), which are affiliates of Deloitte Southeast Asia Ltd. Deloitte Southeast Asia Ltd is a member firm of Deloitte Touche Tohmatsu Limited. Deloitte in Thailand, which is within the Deloitte Network, is the entity that is providing this Website.

ประสบการณ์:

5 ปีขึ้นไป

ทักษะ:

Compliance, Risk Management, ISO 27001

ประเภทงาน:

งานประจำ

• Develop and implement IT governance frameworks, policies, and procedures that align with industry best practices, regulatory requirements, the company and technology team objectives.
• Design and implement controls and mitigation strategies to address identified risks and ensure compliance with relevant regulations and industry standards.
• Collaborate with key stakeholders to identify and document IT governance goals, objectives, and key performance indicators (KPIs) that align with the company and techno ...
• Collaborate with IT and business stakeholders to balance business agility and IT risk.
• Coordinate and participate in audits and assessments to evaluate the effectiveness of IT governance controls and ensure compliance with internal policies and external regulations.
• Monitor and report on the effectiveness of IT governance controls, identify areas for improvement, and recommend appropriate remediation actions.
• Regularly review existing policies and procedures to identify gaps and areas of improvement.
• Maintain a thorough understanding of emerging trends, technologies, and regulatory changes that could impact the company s IT operations and governance.
• Bachelor s degree in Computer Science/Engineering, Information Systems, or IT related field.
• At least 5 years of work experience and 2 years in IT governance, risk management, or IT audit.
• Strong knowledge of IT governance standards and frameworks such as COBIT, ITIL, ISO 27001, etc.
• Solid understanding of cyber security principles and data privacy regulations.
• Exceptional communication skills with the ability to present complex IT concepts to non-technical stakeholders.
• Analytical mindset with strong problem-solving skills and attention to detail.
• Proven project management and leadership skills.
• Familiarity with cloud technologies and their governance requirements.
• Experience in a startup or tech-oriented environment.
• If you are passionate about IT governance and want to make a significant impact in a dynamic startup environment, we would love to hear from you!.

ประสบการณ์:

5 ปีขึ้นไป

ทักษะ:

Research, ISO 27001, Enthusiastic, English

ประเภทงาน:

งานประจำ

• Collect and analyze threat intelligence reports covering new threats, vulnerabilities, products.
• Conduct technical and operational threat intelligence research, both independently and as part of a wider team.
• Identify emerging threats, techniques and trends, the means of protecting or defending against them, and articulate these in a range of report formats to relevant stakeholders.
• Conduct deep-level analysis of malware, including how it is developed, functions, and employed.
• Support the Consulting and Managed CTI teams, Vulnerability Management, Incident Response and CSOC team with up-to-date technical intelligence, detection logic and situational awareness on current and emerging threats.
• Support Cybersecurity Posture Management to guarantee that a good cybersecurity posture is consistently maintained at an acceptable level. Liaison with external audit, internal audit, financial crime and associated consultants, and the group firm.
• Assist technology security team leaders/others in responding to cybersecurity incidents that have an impact on cybersecurity posture, in order to guarantee quick reaction, tracking, and proper maintenance.
• Assist in R&D and innovation on cybersecurity technology and approaches for continuous cybersecurity uplift.
• Qualifications Bachelor s or Master degree in computer science, Computer Engineering, Information Technology, or related field.
• At least 5 years of experience in Information Security or a related field.
• Knowledge of security technology e.g. WAF, SIEM, EDR, IAM, CSOC and Vulnerability Management.
• Experience in cloud cybersecurity technologies and services.
• Exposure to malware reverse engineering, network intrusion analysis, host intrusion analysis, log analysis, vulnerability research or digital forensics is preferred.
• Strong understanding of industry best practices and standards, including ISO 27001, NIST, and CIS is preferred.
• Relevant certifications such as CISSP, CISM, or CISA are a plus.
• Excellent communication and problem-analytical skills, with the ability to communicate complex security issues to non-technical stakeholders.
• Effective English for verbal, written communication.
• Enthusiastic, thriving, good interpersonal skills.
• We're committed to bringing passion and customer focus to the business. If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us.

ประสบการณ์:

5 ปีขึ้นไป

ทักษะ:

Compliance, Risk Management, ISO 27001, Management, English

ประเภทงาน:

งานประจำ

• Developing and implementing IT Governance Frameworks.
• Developing IT policies and procedures.
• Identifying IT-related risks and implementing strategies to mitigate them, including cyber security risks, data privacy concerns, and operational disruptions.
• Monitoring the performance of IT systems and services against predefined metrics and reporting.
• Ensuring that IT practices comply with relevant laws, regulations, and industry standards, and coordinating IT audits to assess compliance and identify areas for improvement.
• Providing guidance, training, and support to employees on IT governance policies, procedures, and best practices.
• Identifying opportunities for improvement in IT governance processes and implementing enhancements to drive continuous improvement and innovation.
• Review IT s audit response from system s owner and suggest the right way to response back to IT s audit document.
• Follow up action items update and pending items from system s owner.
• Minimum 5 years of relevant experience in IT governance, IT risk management, or a related field.
• Experience in managing IT projects, implementing IT policies and frameworks, and overseeing compliance and risk management practices is highly valued.
• Experience in implementing and maintaining on ISO 27001 management systems within organizations is highly valuable.
• Experience to manage and follow up audit response.
• Strong understanding and practical experience with IT governance frameworks such as COBIT (Control Objectives for Information and Related Technologies) or ITIL (Information Technology Infrastructure Library).
• Proficiency in IT risk management methodologies and techniques, including risk assessment, mitigation strategies, and compliance requirements.
• Ability to develop, implement, and enforce IT policies and procedures that align with organizational objectives and regulatory requirements.
• Understanding of business processes and how IT supports organizational goals and strategies.
• Excellent verbal and written communication skills are essential for effectively communicating IT governance principles and practices to stakeholders at all levels of the organization.
• Ability to lead cross-functional teams, collaborate with diversity, and influence decision-making processes related to IT governance.
• Office of Human Capital
• THAI BEVERAGE PUBLIC COMPANY LIMITED
• Lao Peng Nguan Building, Tower 1
• 333 Vibhavadi Rangsit Road, Ladyao Subdistrict, Chatuchak District, Bangkok 10900.

ประสบการณ์:

5 ปีขึ้นไป

ทักษะ:

Business Development, Risk Management, ISO 27001

ประเภทงาน:

งานประจำ

• Assess existing cybersecurity frameworks, identify gaps, and provide actionable recommendations for improvement.
• Develop tailored cybersecurity strategies that align with the client s business goals, regulatory requirements, and risk profile.
• Conduct cybersecurity risk assessments and develop mitigation plans to address potential security threats.
• Ensure client strategies comply with relevant cybersecurity regulations, standards (e.g., NIST, ISO), and industry best practices.
• Manage cybersecurity projects from inception through completion, ensuring timely delivery and client satisfaction.
• Build and maintain strong relationships with clients, serving as a trusted advisor on cybersecurity matters.
• Lead and mentor a team of cybersecurity consultants, fostering a culture of collaboration and continuous improvement.
• Support business development activities by identifying new opportunities and contributing to proposal development.
• Your role as a leader.
• At Deloitte, we believe in the importance of empowering our people to be leaders at all levels. We connect our purpose and shared values to identify issues as well as to make an impact that matters to our clients, people and the communities. Additionally, Managers across our Firm are expected toDevelop diverse, high-performing people and teams through new and meaningful development opportunities.
• Collaborate effectively to build productive relationships and networks.
• Understand and lead the execution of key objectives and priorities for internal as well as external stakeholders.
• Influence stakeholders, teams, and individuals positively - leading by example and providing equal opportunities for our people to grow, develop and succeed.
• Deliver superior value and high-quality results to stakeholders while driving high performance from people across Deloitte.
• Apply their understanding of disruptive trends and competitor activity to recommend changes, in line with leading practices.
• Enough about us, let's talk about you.Degree in cyber security, computer science, business IT or equivalent.
• Excellent communication and presentation skills, with the ability to influence senior stakeholders and deliver compelling recommendations.
• Strong leadership and team management capabilities, with experience mentoring and developing consultants.
• 5+ years of experience in cybersecurity, with a focus on strategy development, security governance, and risk management.
• Strong understanding of cybersecurity frameworks, regulatory requirements, and industry standards (e.g., NIST, ISO 27001, MITRE).
• Preferred CISA, CISM, CISSP certification or related security certification.
• Due to volume of applications, we regret that only shortlisted candidates will be notified. Please note that Deloitte will never reach out to you directly via messaging platforms to offer you employment opportunities or request for money or your personal information.
• LI-AA1 Requisition ID: 106371In Thailand, the services are provided by Deloitte Touche Tohmatsu Jaiyos Co., Ltd. and other related entities in Thailand ("Deloitte in Thailand"), which are affiliates of Deloitte Southeast Asia Ltd. Deloitte Southeast Asia Ltd is a member firm of Deloitte Touche Tohmatsu Limited. Deloitte in Thailand, which is within the Deloitte Network, is the entity that is providing this Website.

ทักษะ:

ISO 27001, English

ประเภทงาน:

งานประจำ

• รับผิดชอบการ Monitoring ควบคุมและจัดการระบบพื้นฐานเกี่ยวกับ ไฟฟ้า และระบบปรับอากาศ ระบบเครือข่าย เพื่อสนับสนุนการจัดการ.
• ตอบสนองความต้องการของลูกค้า และประสานงาน การติดตั้งและการแก้ไขปัญหาระบบของผู้บริการ (vendor) เพื่อให้ถูกต้องและสมบูรณ์ตามหลักปฎิบัติ.
• ควบคุมและประสานงานการบำรุงรักษาและการซ่อมแซม (Preventive Maintenance) ระบบพื้นฐานต่างๆ เครื่องกำเนิดไฟฟ้า Generator, เครื่องสำรองไฟฟ้า UPS, ระบบตู้ไฟฟ้า, ระบบปรับอากาศ และการติดตั้งอุปกรณ์ระบบเครือข่าย (Network) เป็นต้น.
• เป็น 1st level support & troubleshooting ของระบบ Facility ใน Data Center เช่น ระบบ Network, ระบบไฟฟ้า, ระบบปรับอากาศ เป็นต้น.
• จัดทำกระบวนการปฎิบัติงาน และคู่มือการทำงานในการดูแลระบบพื้นฐาน โดยอิงตามมาตราฐาน ISO หรือมาตรฐานอื่นที่เกี่ยวข้องกับการปฏิบัติงาน (เช่น ISO 20000 ด้านบริการ, ISO 27001 ด้านความปลอดภัย,ISO 50001 ด้านบริหารพลังงาน และอื่นๆ เช่น ISO22301, PCIDSS, TCOS) รวมทั้งรูปแบบใบบันทึก, รายงานต่าง ๆ.
• สรุปและรายงานผลสำหรับปัญหาวิกฤติใด ๆ ต่อหัวหน้าทีม รวมทั้ง การจัดทำรายงานสถิติ,รายงานวิเคราะห์แบบรายวัน, รายเดือน รายไตรมาส ด้วย.
• Bachelor s degree in electrical power, mechanic or related fields.
• Thai nationality, Male, Age 20 - 25 years old.
• Have basic technical knowledge in Data Center facilities (Electrical/Mechanical).
• Able to work under pressure.
• Able to work with a team.
• Fair communication in English.

ประสบการณ์:

2 ปีขึ้นไป

ทักษะ:

Public Relations, Legal, Computer Security, English

ประเภทงาน:

งานประจำ

• Executes cybersecurity engineer tasks including, but not limited to, security patch management, security vulnerability management, and security configuration management.
• Tests, implements, deploys, maintains, reviews, and administers the cybersecurity tools.
• Assist in identifying, prioritizing, and coordinating the protection of critical cyber defense infrastructure and key resources.
• Coordinate with Cyber Defense Analysts to manage and administer the updating of rules and signatures (e.g., intrusion detection/protection systems, antivirus, and content blacklists) for specialized cyber defense applications.
• Identify potential conflicts with the implementation of any cyber defense tools (e.g., tool and signature testing and optimization).
• Operates and maintains production information security systems.
• Ensures proper cybersecurity documentation is in place regarding standard operating procedures.
• Monitors the industry and external environment for emerging threats and advises relevant stakeholders on appropriate courses of action.
• Oversees incident response planning and the investigation of security breaches and assists with any associated disciplinary, public relations, and legal matters.
• Applies expert knowledge and skills to resolve problems, including support concepts and methods, problem isolation and troubleshooting procedures, system and file recovery processes, and operating system and network configurations.
• Prepares and presents cogent and cohesive analyses and briefings advising management on new technological developments, techniques, and enhancements that result in increased time and cost efficiencies.
• Provides advice and assistance to troubleshoot the most complex problems in a manner that minimizes interruptions in the ability to carry out critical business activities.
• Supports rapid response teams in response to customer service problems resulting from catastrophic events such as virus infections or widespread power outages.
• Supports the development of a formal cyber security risk assessment program.
• Supports and assists in maintaining a vulnerability/gap/response assessment program.
• Supports the ongoing maintenance of the cyber-Kill Chain for the company, focusing on phases of cyber-attack and remediation/mitigation for each phase.
• Supports ongoing activities to develop, communicate, and support appropriate standards and risk controls associated with digital data.
• Supports the development and maintenance of a company Data Protection program.
• Responds to cybersecurity alerts.
• Cascade and leverage cybersecurity control and practice to the entire company group.
• Bachelor s or Master s degree in Computer Engineering, MIS, IT, or a related field.
• At least 2 years experience in computer security and 5 years in IT infrastructure.
• Have a foundation in good information security practices.
• Knowledge of International Security frameworks, Standards, and Guidelines, e.g., COBIT, NIST-800, ISO 27001, PCI-DSS, OWASP, etc.
• Experience in Security tools, e.g., EDR, ATP, WAF, IPS/IDS, Deception, TI/TIP, Anti DDoS.
• Experience in Cloud Environments, e.g., Google Cloud, AWS, Microsoft Azure.
• Experience with system and application security management and control.
• Experience with system, network, and OS hardening techniques. (e.g., remove unnecessary services, password policies, network segmentation, enable logging, least privilege, etc.).
• Experience with facilitating information security risk assessments.
• Technical writing, documentation development, process mapping, and visual communication skills.
• Hands-on experience with computer programming languages and/or scripting languages such as Python, Java, and Shell for automation.
• Professional certificates related to work (e.g., CISSP, CISM, AWS Certified Security, or similar general security certification) are desirable.
• Talent to identify and create a broad vision for a security solution and to execute it;.
• Systems Thinking - the ability to see how parts interact with the whole (big picture thinking).
• Proven experience of acting as an expert in project teams.
• A positive, can-do attitude who naturally expresses a high degree of empathy to others.
• Ability to explain your thoughts or findings also to non-technical professionals.
• Strong problem-solving and analytical abilities Able to work under minimal supervision, detail oriented.
• Excellent English (Spoken and Written).
• Location: True Digital Park, Punnawithi.

ทักษะ:

Risk Management, Software Development, Kubernetes

ประเภทงาน:

งานประจำ

• Design, develop, and maintain security systems, tools, and best practices across the stack (frontend, backend, mobile, and infrastructure).
• Identify, assess, and mitigate security vulnerabilities through proactive risk management and threat modeling.
• Collaborate with product managers and developers to embed security into the software development lifecycle (SDLC).
• Develop and enforce policies for secure coding, data protection, and incident response.
• Implement robust authentication and authorization mechanisms.
• Conduct regular security assessments, including penetration testing and code reviews.
• Monitor, detect, and respond to security incidents using advanced tools and methodologies.
• Enhance infrastructure security using Kubernetes, Docker, and cloud platforms (GCP, AWS).
• Stay current on emerging threats, vulnerabilities, and security trends, and recommend actionable insights to improve defenses.
• Champion security awareness across the organization, including training sessions and knowledge-sharing activities.
• Ensure compliance with relevant security standards and regulations such as ISO 27001, PDPA, GDPR, SOC 2, or PCI DSS.
• Basic QualificationsProven expertise in application security, cloud security, and infrastructure security.
• Proficiency in securing systems built with technologies such as Node.js, Golang, Elixir, Python, React, Svelte, or Flutter.
• Experience with tools like Docker, Kubernetes, and cloud services (GCP, AWS).
• Strong understanding of cryptographic principles and secure communication protocols.
• Familiarity with CI/CD pipelines and secure DevOps practices.
• Hands-on experience with security tools for vulnerability scanning, penetration testing, and threat detection.
• Deep understanding of database security, especially with PostgreSQL or other relational or non-relational databases.
• Strong analytical and problem-solving skills with a security-first mindset.
• Excellent communication skills and the ability to collaborate effectively in Agile teams.
• Self-motivation, adaptability, and a strong work ethic.
• Preferred Qualifications We re especially excited if you bring:Experience leading security initiatives or mentoring other engineers in security best practices.
• Expertise in compliance frameworks such as ISO 27001, PDPA, GDPR, SOC 2, or PCI DSS.
• Advanced knowledge of security monitoring and incident response systems.
• Strong system design skills with a focus on secure architectures and long-term trade-offs.
• A proven track record of securing fast-paced, high-growth tech environments.
• A passion for securing user-centric products and contributing to their success.
• Perks & Benefits Flat Structure As we continue to grow fast, we strive to retain our culture where everyone is heard, contributes, and grows with the company..
• Work-life Harmony We believe that quality time outside of work is important to sustaining a healthy and happy lifestyle.
• Remote Work Hybrid-mode activated! It comes with the package: flexibility, focus and productivity!.
• Urban Office One breath from Phrom Phong BTS. No sweat whatsoever! The office should also feel like a second home so we dedicated a lot of care and resources into building the best environment for you to wake up to every morning.
• Fun Workshop The best relationships are built over new experiences, that s why we have workshops filled with a range of activities for you to look forward to and enjoy.
• Game Tournament It s getting fun and competitive! Challenge doesn t only have to come from work. Own the championship and show the peeps how great of a gamer (and player) you are.
• Group Insurance Health comes first, we know, don t worry, we ve got you covered.
• Health & Wellness Only a healthy army wins the war. We invest to take care of you from physical, mental and happiness-level. Adopted health & wellness applications plus activities to make sure everyone here is on cloud nine

ประสบการณ์:

7 ปีขึ้นไป

ทักษะ:

Compliance, Risk Management, Project Management, English

ประเภทงาน:

งานประจำ

• Project Delivery/Management: Support the delivery of data security projects focused on implementing tools such as Opentext, Securiti.AI, Fortanix, Guardium, OneTrust, Thales, Protegrity, and others across Southeast Asia.
• Client Collaboration: Work with clients to assess comprehensive data security risks and provide tailored recommendations for implementing capabilities including for data discovery, classification, encryption, anonymization, tokenization, certificate management, key management, safe data deletion, data loss prevention, Information Prot ...
• Subject Matter Expertise: Offer deep knowledge on security capabilities such as identity management, encryption, endpoint management, data loss prevention, email security, web and browser security, zero trust and key and certificate mgt. (e.g., Information and Data Protection, DLP, Insider Risk Management).
• Configuration and Deployment: Support the setup and deployment of data security solutions, ensuring seamless integration with client environments.
• Project Delivery: Ensure successful delivery of data security solutions across on-premise and cloud environment through strong project management and leadership.
• Client Relationships: Build and nurture positive working relationships with clients, aiming to exceed their expectations.
• Profitability Improvement: Identify opportunities to enhance engagement profitability through automation, creation of accelerators, and reuse of best practices.
• Your role as a leader.
• At Deloitte, we believe in the importance of empowering our people to be leaders at all levels. We connect our purpose and shared values to identify issues as well as to make an impact that matters to our clients, people and the communities. Additionally, Managers across our Firm are expected toDevelop diverse, high-performing people and teams through new and meaningful development opportunities.
• Collaborate effectively to build productive relationships and networks.
• Understand and lead the execution of key objectives and priorities for internal as well as external stakeholders.
• Influence stakeholders, teams, and individuals positively - leading by example and providing equal opportunities for our people to grow, develop and succeed.
• Deliver superior value and high-quality results to stakeholders while driving high performance from people across Deloitte.
• Apply their understanding of disruptive trends and competitor activity to recommend changes, in line with leading practices.
• Enough about us, let's talk about you.Degree in cyber security, computer science, business IT or equivalent.
• 7+ years of experience in cybersecurity, with a focus in data security, particularly in developing, implementing, or architecting security solutions from one or more of the listed vendor solutions above.
• 1+ years of hands-on experience with tools across and such as: Identity(Active Directory), Data Security including encryption solutions for storage, databases, networks (Guardium, Opentext, Protegrity, Fortanix, Securiti.AI etc), tokenization (for structured data), digital rights management for unstructured data (MS IRM / Purview), data loss prevention (Symantec, MS, Trellix, Zscaler), data posture mgt. (BigID, Sentra, Wiz, Securiti.AI, IBM Guardium etc.) and should have hands on experience including configuration, deployment, and management.
• Familiarity with standards, frameworks and privacy laws such as ISO/IEC 27701, ISO/IEC 27001, GDPR, PDPA and DAMA International Data Management Body of Knowledge (DAMA-DMBOK) would be a plus.
• Excellent communication and presentation skills, with the ability to influence senior stakeholders and deliver compelling recommendations.
• Strong leadership and team management capabilities, with experience mentoring and developing consultants.
• Preferred CIPP, CIPM, CIPT, CISSP certification or related security certification.
• Able to speak Thai and English fluently.
• Due to volume of applications, we regret that only shortlisted candidates will be notified.
• Please note that Deloitte will never reach out to you directly via messaging platforms to offer you employment opportunities or request for money or your personal information. Kindly apply for roles that you are interested in via this official Deloitte website. #LI-AA1Requisition ID: 106368In Thailand, the services are provided by Deloitte Touche Tohmatsu Jaiyos Co., Ltd. and other related entities in Thailand ("Deloitte in Thailand"), which are affiliates of Deloitte Southeast Asia Ltd. Deloitte Southeast Asia Ltd is a member firm of Deloitte Touche Tohmatsu Limited. Deloitte in Thailand, which is within the Deloitte Network, is the entity that is providing this Website.