Sr. Officer, Information Security Analyst
• Play a leading role in assisting with selection, implementations, and management of information security technology solutions such as Identity Management, Security Incident Event Management (SIEM), Access/Authentication (Password) Management, Network Access Control, Encryption, Threat Intelligence, Mobile Device Management, VPN access, data loss prevention, solutions requiring integration with ERP and/or authentication infrastructure, information lifecycle controls (processing, transmission, storage).
• Supervise third party service providers/contractors and drive the incident response, security reviews, and vulnerability management (including evaluating the effectiveness of any information security related duties, performed by IT department).
• Plan and conduct advanced vulnerability and penetration testing/assessments that also require in-depth analysis of IT controls applied to network infrastructure, virtualized servers, databases, web applications and interfaces, ERP and supporting software infrastructure (document management, reporting).
• Conduct advanced intrusion detection and analyses to identify trends, devise proactive deterrence measures, and mitigate threats and attacks against Company information and technology resources.
• Conduct extensive security reviews of new and existing technology solutions (hardware, software, enterprise applications, third party services and solutions) that Business Unit and the IT organization are involved in implementing or procurement requests that involve third party solutions and services.
• Conduct ongoing alternative studies to forecast future architectural changes, including leading proof of concept pilots, and interfacing with IT department to perform requirements analyses based on assessment of current IT infrastructure and 'keeping a pulse' on any projected changes that can affect the information security infrastructure at any given time.
• Perform ongoing evaluation of IT controls gaps (including compliance with ISO 27002 control objectives).
Essential Skills / Qualifications:
It requires a basic understanding of the following facets of information security: Information Security, Application Security, Infrastructure Security, Security Event Monitoring, Intrusion Prevention, Incident Response and eDiscovery, regardless of platform. Security related certifications (e.g., CISSP, CISM, MCSE, CCNA, CEH, Security +, and/or SANS GIAC) are a plus
Desirable Skills / Qualifications:
• Bachelor’s Degree in Computer Science, Information Systems, or other related field. Or equivalent work experience.
Fluent in Thai/English communication.
• Industry Certifications (Preferred): CISSP, CISM, CISA, PMP, CRISC, CEH.
• At least three years of experience in a senior information security position/role such as Senior Information Security Engineer/Analyst.
• Excellent project management skills, time management, and ability to lead and complete complex tasks and projects
• At least three years of experience managing incident response activities.
• At least five years of experience selecting, implementing and managing information security solutions such as log management, SIEMs, Identity Management, endpoint security, and enterprise forensics.
• (Desired) Three to five years of experience preparing for IT and Information Security 'controls