Security Engineer
About the Role
You will draft and maintain information security policies, standards, and SOPs and ensure they align with operations. You will review and improve security controls, conduct risk assessments, and recommend control designs. You will coordinate internal and external audits, prepare audit documentation, and respond to regulatory inspections. You will analyze compliance with laws and standards such as the Cyber Security Management Act, PDPA, GDPR, ISO, and NIST. You will create and deliver security awareness training and promote effective policy implementation across departments.
Requirements
- Bachelor's degree in Information Security, Computer Science, IT Management, Risk Management, or related field
- 3–5 years of experience in information security with policy writing and audit experience
- Familiarity with ISO 27001, CIS Controls, MAS TRM, and NIST
- Ability to review IT processes, design controls, and write policies and SOPs
- Experience supporting internal and external audits or regulatory checks
- Ability to track and report on audit findings and improvement plans
Responsibilities
- Draft and maintain information security policies, standards, and SOPs
- Review and improve the effectiveness of security controls
- Conduct risk assessments and recommend control designs
- Support departments to enhance security control maturity
- Act as point of contact for internal audits, external audits, and regulatory inspections
- Prepare and organize audit documentation and workpapers
- Analyze compliance with laws and industry standards
- Provide implementation guidance and training for compliance requirements
- Plan and execute security awareness programs and training
- Promote information security policies and ensure implementation