About LINE MAN Wongnai

LINE MAN Wongnai is Thailand’s leading on-demand delivery and lifestyle e-commerce platform. We build technology to help Thai people live better and to empower all local businesses by creating an end-to-end food ecosystem through our channels, LINE MAN and Wongnai. We connect consumers, riders, and local businesses, and improve the daily life of all parties with restaurants nationwide. And because we are local, we provide the deepest variety and services that are tailor-made for Thai people.

We are looking for an experienced cybersecurity engineer with a solid grounding in security principles and baselines and expertise in security concepts. Working in a fast-paced environment, you will bring your expertise and skills to tackle the challenges that impact millions of people on our journey to become the No.1 food platform in Thailand.

What you do:

In this Security Governance role, you will be responsible for:

  • Responsible for the effective implementation of security governance practices within the organization.
  • Conduct the development and maintenance of security policies, standards, processes and procedures to ensure compliance with industry regulations and best practices.
  • Conduct the development of security baselines to establish minimum security requirements for existing and streamline technologies.
  • Proficient in conducting static and dynamic security testing and interpreting the high-level technical vulnerabilities identified through it, including penetration testing results.
  • Oversee the design and implementation of security controls to protect company assets and data.
  • Conduct regular assessments and audits to identify security risks and vulnerabilities, and develop mitigation strategies.
  • Collaborate with cross-functional teams to ensure alignment of security governance objectives with business goals.
  • Serve as a point of contact for internal and external stakeholders regarding security governance matters.
  • Establishing and maintaining an effective security awareness training program that results in increased employee understanding and adherence to security policies and procedures.
  • Successfully developing and implementing comprehensive security policies, standards, and procedures that align with industry regulations and best practices.
  • Developing and managing a robust security program management framework and calendar that ensures timely execution of security initiatives and proactive risk management.
  • Identifying and mitigating security risks through thorough assessments, implementing effective controls, and continuously monitoring and updating security measures.
  • Successfully coordinating with internal and external stakeholders to address security governance requirements, respond to audits, and meet regulatory compliance obligations.

What you need to succeed in this role:

  • 6+ years of work experience in cybersecurity engineering roles, preferably for banking and payment companies or similar industries.
  • Strong communication and organization skills.
  • Good understanding and knowledge of information security fundamentals.
  • Familiarity with network security and information systems security principles and best practices.
  • Demonstrate a solid understanding of protocols and possess the ability to effectively plan for and handle situations that may arise while interfacing, communicating, and supporting auditors, regulators, and reviewers.
  • Capable of providing expert advice on appropriate mitigation actions or compensating controls, considering the risk level associated with each identified issue.
  • In-depth knowledge of security governance principles, frameworks, and best practices, including a strong understanding of Governance, Risk, and Compliance (GRC) principles and methodologies.
  • Proficient in managing security issues, conducting root cause analysis, and formulating comprehensive action plans for mitigation. Capable of advising appropriate and effective solutions to address each identified security issue.
  • Strong understanding of security risk assessment methodologies and the ability to develop effective risk mitigation strategies.
  • Excellent communication and interpersonal skills to effectively collaborate with stakeholders at all levels of the organization.
  • Analytical mindset and problem-solving abilities to identify and address security gaps.
  • Knowledge of security frameworks such as ISO 27001, NIST Cybersecurity Framework, or COBIT.
  • Familiarity with OWASP and global standards as references for vulnerability assessment.
  • Expertise in conducting security baseline development to establish minimum security requirements for systems, networks, and applications.

It would be great if you have:

  • Any security, audit, or compliance-related certification, e.g., Associate of (ISC)², CISSP, CISA, CRISC, CISM, CompTIA Security+, ISO/IEC 27001.
  • Experience with security, audit, and compliance contexts, e.g., PCI DSS, SOC2, SOX, SEC, GDPR, PDPA, and ISO/IEC 27001.
  • Experience in managing security incidents and conducting incident response activities.
  • Understanding of modern IT infrastructure; cloud environments (AWS preferred) and Linux containers and orchestration systems (Kubernetes).
  • Familiarity with cloud security, network security, and emerging technologies.
  • Familiarity with security governance tools and technologies.