
Associate Director - Country Information Security Risk and Analyst

Job Level:  Professional

Bangkok, TH, 10330

Due Date:  04/18/2022
Area of Expertise:  IT & Tech Engineering
Unit:  Allianz Thailand
Job Type:  Full-Time
Remote Job:  Home office due to Covid-19
Employment Type:  Permanent
ID:  6934


The candidate will be part of the Company's information security office team. The information security team communicates directly and regularly with the Information Security Officer (ISO), and possibly with the Region and Group Information Security Officer or a member of the Information Security Core Group. The information security risk and analyst must meet their responsibilities, which include performing local Information Security risk management, including for 3rd party and consumed IT services, and identifying weak controls.


Key Responsibilities:

- Perform all related risk assessments and consult Business Owners and stakeholders as the Subject Matter Expert, including Cloud IT Risk Assessment for consumed cloud services, 3rd Party/Outsourcing Security Risk Assessment, and Application Risk Assessment

- Support the Information Risk Owners to systematically identify, assess, monitor and steer Information Security Risks

- Identify weak controls and create, align, and monitor plans to close control weaknesses

- Monitor Information Security risks along the Information Security Risk Management (ISRM) framework in accordance with the overall Information Risk Management Process

- Manage, track, and supervise closure of open risks or appropriate extension of risk acceptances

- Escalate systematic control shortcomings to the ISO, Group and service provider

- Ensure, including by analysis and assessment, that security Service Level Agreements, including controls, are defined and monitored for applications, used IT services, or IT services provided to other related companies

- Develop information security risk culture and awareness of local stakeholders

- Review the financial quantification of Cyber Risk and cooperate with Company Top Risk Assessment process

- Align and adopt the Cyber Risk Management strategy

- Ensure communication of applicable corporate rules and Information Security relevant information regularly

- Ensure implementation of Information Security related requirements deriving from Corporate Rules

- Other security-related matters as assigned

- With respect to these responsibilities, the information security team must have a local reporting line (e.g. by regular information meetings, reports) to the ISO


Technical Skills:

  • Statistical reporting and systematic thinking
  • Technical & professional skills and qualities
  • Knowledge and skills in the areas of risk and information systems control
  • Knowledge and skills in the areas of application development and programming languages, Security Software Development Framework, and DevSecOps
  • Knowledge and skills in the areas of cloud services and cloud security framework


General Skills:

  • Project planning and monitoring
  • Consulting Skills
  • Good English communication skills are required


Required Experience:

  • 5 - 8 years of professional experience in the Information Security field
  • ISO27001 / NIST Framework


Required Education / Certifications

  • Master's degree in a computer-related field or equivalent
  • CISM (Certified Information Security Manager) or CRISC (Certified in Risk and Information Systems Control) is an advantage