Principal Information Security Officer

Job Level:  Professional
Location:  Bangkok, Bangkok, TH, 10310

Area of Expertise:  Risk Management
Unit:  Allianz Technology
Employing Entity:  Allianz Technology (Thailand) Co., Ltd.
Job Type:  Full-Time
Remote Job:  Hybrid working
Employment Type:  Permanent
ID:  100063
Position Cluster:  Non-Executive

About the Job

As a Local Information Security Officer (ISO) at Allianz Technology Thailand, you will play a crucial role in driving the implementation and evolution of the Allianz SE Group and Technology Information Security Framework and related guidelines. You will ensure compliance with the IS framework by providing control assurance for services offered to customers, as well as for those that are consumed by the hub.

In addition, this role is also partially responsible for Digital Resilience, which includes IT risk identification and management, implementation of controls and compliance, ITOM, assurance activities (risk shield, fit gap, etc.), and TPRM coordination.

Dive into a dynamic environment where your expertise will drive information security and digital resilience excellence and protect Allianz's interests. 

 

What you do

Information Security Officer (ISO 70-80%) 

  • Drive the implementation of and ensure compliance with Group-wide standards, regulatory requirements and industry security standards, including but not limited to Global information security framework assessment, Global functional rule assessment, DORA and NIS2, in all Allianz Technology services and in projects.

  • Oversee the compliance reporting process for local entities; assess and address deviations from security policies and contractual security provisions, and develop effective strategies to mitigate identified information security risks.

  • Lead local Information Security Steering Boards and support preparation of Information Security action plans. 

  • Support the local executive body in its regulatory Information Security-related governance requirements and its responsibility to set up sound organizational and operational structures and procedures.

  • Implement the actions under the LISO's responsibility (e.g. IS Management Meetings, ISSB meetings, IS Risk Management) and proactively manage the implementation of relevant follow-up measures in a timely manner.

  • Ensure that all Allianz Technology IS Governance-related documents are ratified by local entity management and follow up on their implementation.

  • Serve as the local contact point for information security-related matters, including interfaces to business, partners, customers and other safeguarding functions.

  • Provide information security consulting and liaise with all relevant stakeholders.

  • Systematically assess the effectiveness of security controls in all services provided by Allianz Technology, its partners and third-party providers. 

  • Drive Security Risk Management, including supporting the life cycle of security risk assessments, assessing and addressing deviations from security policies and contractual security provisions, as well as developing effective strategies to mitigate identified information security risks. 

  • Ensure that all IS-related deviations (aka IS risks) are reported in the GRC tool and managed there as defined in the information security risk management process.

  • Promote awareness of Allianz Technology security requirements and processes via regular communication to the workforce across multiple channels.

  • Manage the local roll-out of global information security trainings, and monitor and report the attendance of the local workforce.

  • Engage with senior stakeholders and provide regular, high-impact reports to the regional management, the Allianz Technology Thailand Board of Directors, and the Board of Management of Allianz Technology.

  • Regularly exchange with and contribute to the regional and global Allianz Technology ISO community. 

  • Support the annual IT compliance reporting process for the local entity. 

  • Support local management in their regulatory Information Security-related governance requirements. 

Digital Resilience Officer (DRO 20-30% capacity) 

 

The Digital Resilience Officer (DRO) coordinates the implementation and maintenance of digital resilience and IT risk management for the Allianz Technology branch or local entity. The role reports functionally to the AZT Head of Digital Resilience and disciplinarily to the Head of Branch Operations.

  • Risk & Control Management for Digital Risks
      • Establish and maintain effective digital risk controls, ensuring integration into operational processes
      • Lead digital risk identification, assessment and management across applications and services
      • Ensure digital risks are managed in line with the DIRM framework and monitored within defined timelines (within 30 days)
      • Participate in the local Risk Council and report on the status of the local digital risks
  • Coordination & Awareness
      • Strengthen digital risk management relationships with customers
      • Act as local coordination point across safeguarding functions
      • Participate in Central DR sessions and engage with global risk communities
  • Third-Party Risk Management (TPRM)
      • Conduct TPRM assessments for all services and contracts
      • Ensure documentation of active contracts in line with DORA requirements
      • Ensure compliance with tiering outcomes and mandatory clauses
      • Maintain D&O trackers
      • Ensure approved exit strategies and validated BCDR plans are in place
  • Reporting & Assurance
      • Coordinate responses to customer audits
      • Support AzTech internal audits relevant for COO function
      • Support Assurance and Risk Shield activities
  • IT Governance & Compliance
      • Ensure ITOM compliance and adherence to regulatory requirements
      • Conduct compliance benchmarking across branches
      • Follow up prior-year risks and ATPIT deviations
  • Deliverables & Timelines
      • Perform annual IT compliance self-assessment (by 30. Sept.)
      • Ensure remediation gaps are logged and tracked (by 30. Nov.)
      • Provide quarterly IT risk reporting to Central

 

What you bring 

  • Bachelor's or master's degree in Computer or Information Technology, or in related fields.

  • Recognized Information Security certifications, e.g. CISSP, CISA, CISM, CRISC, PCI DSS or ISO27001 Lead Auditor, preferred.

  • 8+ years of experience in information security, information risk management, controls assurance & compliance programs.

  • Experience with internal controls, risk assessments, business process and internal IT control testing or operational auditing 

  • Previous experience creating and/or performing review and gap analysis of information security policies and standards against cybersecurity frameworks 

  • Related security control and compliance experience in various frameworks including: PCI DSS, PCI PA-DSS, PCI PTS, GLBA, NYDFS, ISO, NIST, etc. 

  • Strong presentation skills  

  • Strong attention to detail, analytical thinking, and integrity 

  • Adaptability, leadership, and continuous learning  

  • Ownership, proactiveness & collaboration 

  • Excellent interpersonal, oral, and written communication skills in English

 

What we offer

  • We offer a hybrid work model which recognizes the value of striking a balance between in-person collaboration.
  • We believe in rewarding performance, and our compensation and benefits package includes a company bonus scheme, pension, employee shares program, and multiple employee discounts (details vary by location).
  • From career development and digital learning programs to international career mobility, we offer lifelong learning for our employees worldwide and an environment where innovation, delivery, and empowerment are fostered.
  • Flexible working, health, and wellbeing offers (including healthcare and parental leave benefits) support balancing family and career and help our people return from career breaks with valuable experience.
  • Work from home allowance.
  • Comprehensive health insurance extends beyond employees to cover their loved ones.
  • We offer a premium gym membership to support well-being and a healthy work-life balance.
  • An on-site playroom and a variety of engaging activities are available to help employees unwind and recharge.

 


About Allianz Technology:


With its headquarters in Munich, Germany, Allianz Technology is Allianz's global IT service provider and delivers IT solutions that drive the group's digitalization. With more than 11,000 employees in over 20 countries around the world, Allianz Technology is tasked with running, optimizing, transforming, and innovating the infrastructure, applications, and services together with Allianz companies to co-create the best customer experience. We service the entire spectrum of digitalization – from one of the industry's largest IT infrastructure projects that spans data centres, networks, and security, to application platforms ranging from workplace services to digital interaction. In short: We deliver comprehensive end-to-end IT solutions for Allianz in the digital age. We are the backbone of Allianz.

Find us at: www.linkedin.com/company/allianz-technology

Commitment to Integrity, Fairness & Inclusion:


Allianz Technology is proud to be an equal opportunity employer dedicated to fostering an inclusive work environment for everyone. We embrace individuals of all gender identities and expressions, sexual orientations, ethnicities, ages, nationalities, religions, disabilities, and philosophies of life. Ultimately, our greatest strength as a company lies in the unique skills, experiences, and backgrounds our employees contribute.


To Recruitment Agencies:


Allianz Technology has an in-house recruitment team that sources great candidates directly. Therefore, Allianz Technology does not accept unsolicited resumes from agency or search firm recruiters. When we engage with recruitment agencies, the partnership is formalized by a contract. Fees will only be paid when there is a contract in place. Without a contract in place, we will not accept invoices on unsolicited resumes, even if the candidate is ultimately employed by Allianz.