IT Sr. Engineer (IT Compliance, Software Quality Assurance)
Magnecomp Precision Technology Public Company Limited
- The IT Compliance Officer, Software Quality Assurance, is responsible for providing leadership in managing the functions and activities of information security and risk management, IT service management and business continuity, sourcing and vendor management, and enterprise architecture across the H5 Group, enabling the achievement of IT operation objectives.
- Develop and maintain information technology and security policies and procedures and ensure that they are aligned to business requirements, information technology strategy, legal/regulatory requirements, and leading industry standard frameworks such as ITIL, COBIT, NIST, ISO 20000, and ISO 27001.
- Assist in liaising with ISO and HR to develop policies, procedures, and controls to ensure that they are aligned to the business requirements.
- Review and propose changes to existing policies and procedures to reflect existing business requirements and compliance with applicable regulations.
- Develop, publish, and maintain information security standards for all applicable technologies and information systems within the company aligned with leading industry standards such as CIS and NIST.
- Collaborate with the H5 group to develop and maintain information technology and security processes and procedures.
- Review policy and technology standards exception/waiver requests and recommend appropriate risk mitigation/acceptance approach aligned with the Enterprise Risk Management framework.
- Participate in information security certification and accreditations to provide guidance on current policies, procedures, and standards.
- Identify and report information technology and security policy, procedure, and standards related metrics to demonstrate value to the IT Director.
- Interface with information security awareness function and change management teams to foster awareness of company policies, procedures, and standards among Magnecomp staff.
- Interface with other departments to understand business requirements and the role of information systems in supporting business processes.
- Coordinate with other IT teams to provide effective solutions to information security issues.
- Interface with the Risk, Certification, and Accreditation team, and Compliance teams to ensure necessary changes are reflected in policies to address the risks identified.
- Build effective relationships with key stakeholders who own and support IT infrastructure, applications, processes, and operations throughout the company. Gain commitment from stakeholders to implement recommended and agreed-on information technology and security controls and treatment plans.
- Help foster effective teams committed to organizational goals, foster collaboration among team members and teams and use teams to address relevant issues.
- Demonstrate work commitment and drive for results. Set high standards of performance; pursue aggressive goals and work hard to achieve them.
- MBA in Quality Management, COBIT, VERISM certified, CISA Trained, ITIL Certified, CSQA, BSI Certified Lead Auditor for ISO 27001:2005, ISO 9001:2015, Six Sigma Green Belt Certified.
- Minimum 10+ years’ experience working in information security, information technology or information risk management related field.
- Demonstrated experience in writing, publishing, and maintaining information technology, information security, and other related policies.
- Demonstrated experience in developing technical security standards in various technologies across the operating system, network, database and application layers.
- Familiarity and understanding of a broad range of IT hardware and software products.
- Thorough understanding of best practice and industry-standard technical security standards including, but not limited to NIST and CIS.
- Good knowledge and demonstrated work experience of the use of ISO 27001 control framework and ISMS implementation.
- Familiarity with industry standards, laws and regulations, including but not limited to ISO 27001, SOX, ISO 20000, Safe Harbor, HIPAA, GLBA, and Basel II.
- Thorough understanding of information security risk assessment frameworks including but not limited to those from ISO and NIST.
- Demonstrated knowledge of security controls for a network, database, application, and operating systems. Strong knowledge and work experience with logical access controls.
- Knowledge of ERP and financial systems including but not limited to Oracle and SAP.
- Knowledge of best practices and standards for monitoring and reporting information security performance (e.g., key risk and performance indicators, NIST/PRISMA maturity levels).
- Possession of industry certifications highly preferred including, but not limited to, Certified Information Systems Auditor (CISA), ISO 27001 Lead Auditor, Certified Information Systems Security Professional (CISSP) and Information Systems Security Management Professional (ISSMP).
- Ability to work independently and within groups, must be self-motivated and able to work independently with minimal supervision.
- Possess excellent written and verbal communication skills, presentation, and problem-solving skills and be able to interact well with peers and internal customers.
- Highest ethical standards.
- Annual Bonus
- Annual Perfect Attendance Bonus
- Dental Allowance
- Free shuttle bus
- Medical Allowance
- Travel Allowance
- Provident fund
- Employee training and development
- Overtime pay
- Fuel allowance, travel expenses
- Wedding gift allowance
- Telephone allowance
- Work from home
- Five-day work week
- Social security
- Health insurance
- Accident insurance
- Employee uniform
- Annual trip or annual party
- Bonus based on performance/company results
- Annual bonus
- Annual bonus of 1 month
162 Moo 5, Phaholyothin Road,
Tambol Lamsai, Amphur Wangnoi, Pranakorn Sri Ayutthaya 13170, Thailand
Tel: 0-35215-225 Press 9 Ext. 3813, 3828 Fax: 0-35215-378