Principal Information Security Officer

Job Level:  Professional
Location:  Bangkok, Bangkok, TH, 10310

Area of Expertise:  IT & Tech Engineering
Unit:  Allianz Technology
Employing Entity:  Allianz Technology (Thailand) Co., Ltd.
Job Type:  Full-Time
Remote Job:  Hybrid working
Employment Type:  Permanent
ID:  83458
Position Cluster:  Non-Executive


About the Job
 

As a Local Information Security Officer (ISO) at Allianz Technology Thailand, you will play a crucial role in driving the implementation and evolution of the Allianz SE Group and Technology Information Security Framework and related guidelines. You will ensure compliance with the IS framework by providing control assurance for services offered to customers, as well as for those that are consumed by the hub. In addition, this role is responsible for Protection & Resilience (P&R) matters, including Business Continuity Management (BCM), Crisis Management (CM) and protective security management.

Your role will be pivotal in fostering a secure and resilient environment for Allianz Technology Thailand, aligning with Allianz's commitment to protection and resilience. Dive into a dynamic environment where your expertise will drive information security excellence and protect Allianz's interests.

 

What you do 


Information Security Officer (ISO)

  • Drive the implementation of and ensure compliance with Group-wide standards, regulatory requirements and industry security standards, including but not limited to Global information security framework assessment, Global functional rule assessment, DORA and NIS2, in all Allianz Technology services and in projects.
  • Oversee the compliance reporting process for local entities; assess and address deviations from security policies and contractual security provisions, as well as developing effective strategies to mitigate identified information security risks.
  • Lead local Information Security Steering Boards and support preparation of Information Security action plans.
  • Support the local executive body in their regulatory Information Security-related governance requirements and their responsibility to set up sound organizational and operational structures and procedures.
  • Implement the actions under the LISO's responsibility (e.g. IS Management Meetings, ISSB meetings, IS Risk Management) and proactively manage the implementation of relevant follow-up measures in a timely manner.
  • Ensure that all Allianz Technology IS Governance related documents are ratified by local entity management and follow up on the implementation of those.
  • Serve as local contact point for information security-related matters, including interfaces to business, partners, customers and other safeguarding functions.
  • Provide information security consulting and liaison with all relevant stakeholders.
  • Systematically assess the effectiveness of security controls in all services provided by Allianz Technology, its partners and third-party providers.
  • Drive Security Risk Management, including supporting the life cycle of security risk assessments, assessing and addressing deviations from security policies and contractual security provisions, as well as developing effective strategies to mitigate identified information security risks.
  • Ensure that all IS related deviations (aka IS risks) are reported in the GRC tool and managed there as defined in the information security risk management process
  • Promote awareness of Allianz Technology security requirements and processes via regular communication to workforce across multiple channels.
  • Manage the local roll-out of global information security trainings and monitor and report the attendance of local workforce
  • Engage with senior stakeholders and provide regular, high-impact reports to the regional management, the Allianz Technology Thailand Board of Directors, and the Board of Management of Allianz Technology
  • Regularly exchange with and contribute to the regional and global Allianz Technology ISO community.
  • Support the annual IT compliance reporting process for the local entity.
  • Support local management in their regulatory Information Security-related governance requirements


Protection & Resilience (P&R)

  • Perform the Business Continuity Management (BCM) lifecycle activities for Allianz Technology Thailand, including business impact analysis (BIA), risk identification and assessment (RIA), response strategies, response planning, exercise and testing
  • Monitor and advise about applicable laws and regulations and ensure that Allianz Technology Thailand ratifies the Protection and Resilience Policy
  • Act as resilience point of contact and coordinate resilience related requests; verify IT Disaster Recovery (DR) capabilities, identify possible IT DR gaps and ensure DR data consistency
  • Monitor incidents with potential crisis and report these to the Allianz Technology Crisis Unit Office
  • Regularly assess resilience controls and report results to the Protection & Resilience Office
  • Create internal awareness of Protection & Resilience and associated responsibilities within Allianz Technology Thailand
  • Regularly participate in reviews being undertaken by the global Protection & Resilience Office
  • Coordinate and assess the organization's maturity in protective security management.
  • Perform annual review and execution of organizational business continuity plan an

What you bring

  • Bachelor's or master's degree in Computer or Information Technology, or in related fields.
  • Recognized Information Security Certifications, e.g. CISSP, CISA, CISM, CRISC, PCI DSS or ISO27001 Lead Auditor, preferred
  • 8+ years of experience in information security, information risk management, controls assurance & compliance programs.
  • Experience with internal controls, risk assessments, business process and internal IT control testing or operational auditing
  • Previous experience creating and/or performing review and gap analysis of information security policies and standards against cybersecurity frameworks
  • Related security control and compliance experience in various frameworks including: PCI DSS, PCI PA-DSS, PCI PTS, GLBA, NYDFS, ISO, NIST, etc.
  • Strong presentation skills 
  • Excellent communication skills, interpersonal, oral, and written in English

What we offer

  • We offer a hybrid work model which recognizes the value of striking a balance between in-person collaboration and remote working.
  • We believe in rewarding performance, and our compensation and benefits package includes a company bonus scheme, pension, employee shares program, and multiple employee discounts (details vary by location).
  • From career development and digital learning programs to international career mobility, we offer lifelong learning for our employees worldwide and an environment where innovation, delivery, and empowerment are fostered.
  • Flexible working, health, and wellbeing offers (including healthcare and parental leave benefits) support balancing family and career and help our people return from career breaks with valuable experience.
  • Work from home allowance.
  • Comprehensive health insurance extends beyond employees to cover their loved ones.
  • We offer a premium gym membership to support well-being and a healthy work-life balance.
  • An on-site playroom and a variety of engaging activities are available to help employees unwind and recharge.

 



About Allianz Technology:

With its headquarters in Munich, Germany, Allianz Technology is Allianz's global IT service provider and delivers IT solutions that drive the group's digitalization. With more than 11,000 employees in over 20 countries around the world, Allianz Technology is tasked with running, optimizing, transforming, and innovating the infrastructure, applications, and services together with Allianz companies to co-create the best customer experience. We service the entire spectrum of digitalization – from one of the industry's largest IT infrastructure projects that spans data centres, networks, and security, to application platforms ranging from workplace services to digital interaction. In short: We deliver comprehensive end-to-end IT solutions for Allianz in the digital age. We are the backbone of Allianz.

Find us at: www.linkedin.com/company/allianz-technology

Commitment to Integrity, Fairness & Inclusion:
Allianz Technology is proud to be an equal opportunity employer dedicated to fostering an inclusive work environment for everyone. We embrace individuals of all gender identities and expressions, sexual orientations, ethnicities, ages, nationalities, religions, disabilities, and philosophies of life. Ultimately, our greatest strength as a company lies in the unique skills, experiences, and backgrounds our employees contribute

To Recruitment Agencies:
Allianz Technology has an in-house recruitment team that sources great candidates directly. Therefore, Allianz Technology does not accept unsolicited resumes from agency or search firm recruiters. When we engage with recruitment agencies, the partnership is formalized by a contract. Fees will only be paid when there is a contract in place. Without a contract in place, we will not accept invoices on unsolicited resumes, even if the candidate is ultimately employed by Allianz.