IT Risk & Security Controls Specialist

Our Company

Do you want to be part of Thailand's banking transformation? Data is at the core of the new financial services era, and we are opening up the opportunity to be part of driving this change at the core.

SCB DataX is a new venture of SCBx, the mothership of the financial technology business group comprising Siam Commercial Bank (SCB) and other subsidiaries, a leading financial services and digital services holding group in Thailand and ASEAN.

As part of the transformation of the SCBx group of product and technology companies, under the SCBx brand, SCB DataX is the technology company that centralizes data and provides AI/ML and data science services and products to the group.

With a leading-edge cloud-native data & AI platform, our vision is to support the group in providing everyone in our region with the opportunity to prosper.

We work on forward-thinking challenges of centralizing, analyzing and sharing information. We collaborate with companies and experts in many different domains and embrace diversity, all while having a good laugh and finding joy in our work.

 

About Team and Role

At DataX, we recognize the critical role that effective risk management plays in our operations. The DataX Risk Management division is responsible for data governance, privacy, security, technology risk, operational risk, model risk, business continuity, legal and compliance. We are tasked with the development and execution of risk management strategies, ensuring the integrity of our processes, and safeguarding our organization.

This role sits within the IT Risk and Security functions of the Risk Management division.

As a dynamic and innovative AI/ML startup operating in the fintech industry, we are seeking a motivated and skilled IT Risk & Security Controls Specialist to join our team. This role offers an exciting opportunity to contribute to the design and development of our risk management processes in a fast-paced environment.

In this role, you will be exposed to new ways of working, new risk management techniques, a complex business model, and a collegial working environment.

Responsibilities

  • Identify, assess, and mitigate risks associated with technology infrastructure, systems, and processes.
  • Evaluate vulnerabilities, design and implement controls to protect against threats.
  • Perform risk assessments to identify gaps and areas of improvement in the security posture.
  • Coordinate with Security and IT teams to ensure the implementation of security controls and measures.
  • Conduct risk assessments, control checks, and evaluate the maturity of the control environment using appropriate tools and methodologies.
  • Align technical security controls and processes with industry frameworks (e.g., NIST CSF, ISO 27001) and regulatory requirements.
  • Monitor and stay updated with emerging threats, vulnerabilities, and security practices to propose proactive measures.
  • Collaborate with cross-functional teams to implement security awareness and training programs for employees.
  • Regularly report to senior management and regulators on the status of security controls, risks, and compliance with regulations.

Qualifications

  • Bachelor's degree in a relevant field (e.g., Computer Science, Information Security) or equivalent practical experience.
  • Extensive experience in technology risk management or information security roles.
  • Strong knowledge of technology infrastructure, systems, and processes, with an understanding of associated risks.
  • Proven experience in identifying vulnerabilities, implementing security controls, and performing risk assessments.
  • Familiarity with security frameworks and regulations (e.g., NIST CSF, ISO 27001, PDPA) and their practical application.
  • Proficiency in using automated risk assessment tools and conducting security maturity assessments.
  • Excellent analytical and problem-solving skills, with the ability to think strategically and propose effective solutions.
  • Strong communication skills, with the ability to convey complex information to both technical and non-technical audiences.
  • Attention to detail and ability to work independently as well as collaboratively in cross-functional teams.
  • Professional certifications in information security (e.g., CISSP, CISM, CRISC) are highly desirable.
  • Experience with incident response and familiarity with incident response frameworks is a plus.
