Back to search
Phillip Life Assurance Linkedin · Posted 4d ago

IT Governance, Risk and Compliance (GRC)

Bangkok City

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

Roles & Responsibilities:

Response IT Audit:

  • Conduct Reporting Findings. Document and report audit findings, recommendations, and follow-up actions
  • Collaborate with Teams: Work with IT and related teams to address identified issues.
  • Response audit finding from OIC including Annual OIC IT Audit, CRAF, IT Environment Survey and Electronic Registration and Certificate
  • Response audit finding from external IT audit
  • Performing account review on AD
  • Conduct high privilege account review.

Cybersecurity Awareness and Training:

  • Maintain Security awareness and security training video for new staff
  • Annual security awareness and training programs for all staffs
  • Security awareness and training for individuals who clicked on links during the cyber drill
  • Develop Training Programs: Create training materials and programs related to IT security
  • Promote a Security Culture: Foster a culture of security awareness within the organization through ongoing education

Information Security Management System (ISMS):

  • Maintain, document control and publish up-to-date IS Policy, Procedure and form
  • Documentation Control. Maintain an organized documentation system for all ISMS-related documents
  • Facilitate management reviews of the ISMS
  • Implement a continuous improvement process to enhance the ISMS based on audit findings audit findings

Security Inspection:

  • Identify vulnerabilities in the current network and server infrastructure, and collaborate with IT to ensure timely remediation
  • Performing penetration tests to find any flaws on website and collaborate with IT to ensure timely remediation
  • Review and validate system hardening and baseline configurations, working with IT to ensure prompt remediation


Required Skills:

  • IT audit and regulatory compliance management
  • Active Directory and privileged access review
  • Security awareness and phishing simulation programs
  • IT risk assessment and third-party risk management
  • KRI monitoring and reporting
  • Information Security Management System (ISMS) governance
  • Security policy and documentation management
  • Cybersecurity vulnerability assessment and remediation
  • Penetration testing coordination
  • Cross-team collaboration and security culture promotion


The Company reserves the right not to consider any candidate application or profile submitted by any recruitment agency without prior request, approval, or authorization from the Company, notwithstanding any existing service agreement between the parties. Any unsolicited candidate submission shall not create any obligation or liability whatsoever on the part of the Company. Should any recruitment agency wish to introduce candidates or discuss potential collaboration, please contact 02-022 5632 directly prior to taking any action.


Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent