Principal Information Security Officer

About the Job 

As a Local Information Security Officer (ISO) at Allianz Technology Thailand, you will play a crucial role in driving the implementation and evolution of the Allianz SE Group and Technology Information Security Framework and related guidelines. You will ensure compliance with the IS framework by providing control assurance for services offered to customers, as well for those that are consumed by the hub. In addition, this role is also responsible for Protection & Resilience (P&R) matters including Business Continuity Management (BCM), Crisis Management (CM) and Protective security management

Your role will be pivotal in fostering a secure and resilient environment for Allianz Technology Thailand, aligning with Allianz's commitment to protection and resilience. Dive into a dynamic environment where your expertise will drive information security excellence and protect Allianz's interests.

What you do 

Information Security Officer (ISO)

Drive the implementation of and ensure compliance with Group-wide standards, regulatory requirements and industry security standards included but not limited to Global information security framework assessment, Global functional rule assessment, DORA, NIS2 in all Allianz Technology services and in projects. Oversee the compliance reporting process for local entities; assess and address deviations from security policies and contractual security provisions, as well as developing effective strategies to mitigate identified information security risks.Lead local Information Security Steering Boards and support preparation of Information Security action plans.Support local executive body in their regulatory Information Security-related governance requirements and their responsibility to set up sound organizational and operational structures and proceduresImplement the actions under the LISO´s responsibility (e. g. IS Management Meetings, ISSB meetings, IS Risk Management), proactively manage the implementation of relevant follow-up measures in a timely manner.Ensure that all Allianz Technology IS Governance related documents are ratified by local entity management and follow up on the implementation of those.Serve as Local contact point for information security-related matters, including interfaces to business, partners, customers and other safeguarding functions.Provide information security consulting and liaison with all relevant stakeholders.Systematically assess the effectiveness of security controls in all services provided by Allianz Technology, its partners and third-party providers.Drive Security Risk Management, including supporting the life cycle of security risk assessments, assessing and addressing deviations from security policies and contractual security provisions, as well as developing effective strategies to mitigate identified information security risks.Ensure that all IS related deviations (aka IS risks) are reported in the GRC tool and managed there as defined in the information security risk management processPromote awareness of Allianz Technology security requirements and processes via regular communication to workforce across multiple channels.Manage the local roll-out of global information security trainings and monitor and report the attendance of local workforceEngage with senior stakeholders and providing regular, high-impact reports to the regional management, the Allianz Technology Thailand Board of Directors, and the Board of Management of Allianz TechnologRegularly exchange with and contribute to the regional and global Allianz Technology ISO community.Support the annual IT compliance reporting process for the local entity.Support local management in their regulatory Information Security-related governance requirements

Protection & Resilience (P&R)

Perform the Business Continuity Management (BCM) lifecycle activities for Allianz Technology Thailand, including business impact analysis (BIA), risk identification and assessment (RIA), response strategies, response planning, exercise and testingMonitor and advise about applicable laws and regulations and ensure that the Allianz Technology Thailand ratifies the Protection and Resilience PolicyAct as resilience point of contact and coordinate resilience related requests; verify IT Disaster Recovery (DR) capabilities, identify possible IT DR gaps and ensure DR data consistencyMonitor incidents with potential crisis and report these to the Allianz Technology Crisis Unit OfficeRegularly assess resilience controls and report results to Protection & Resilience OfficeCreate internal awareness of Protection & Resilience and associated responsibilities within Allianz Technology ThailandRegularly participate in reviews being undertaken by global Protection & Resilience OfficeCoordinate and assess the organization maturity in protective security management.Perform annual review and execution of organizational business continuity plan an

What you bring

Bachelor or master degree in Computer or Information technology in related fields.Recognized Information Security Certifications e.g. CISSP, CISA, CISM. CRISC, PCI DSS or ISO27001 Lead Auditor preferred8+ years of experience in information security, Information risk management, controls assurance & compliance programs.Experience with internal controls, risk assessments, business process and internal IT control testing or operational auditingPrevious experience creating and/or performing review and gap analysis of information security policies and standards against cybersecurity frameworksRelated security control and compliance experience in various frameworks including: PCI DSS, PCI PA-DSS, PCI PTS, GLBA, NYDFS, ISO, NIST, etc.Strong presentation skills Excellent communication skills, interpersonal, oral, and written in Englis

What we offer

• We offer a hybrid work model which recognizes the value of striking a balance between in-person collaboration and remote working.
• We believe in rewarding performance, and our compensation and benefits package includes a company bonus scheme, pension, employee shares program, and multiple employee discounts (details vary by location).
• From career development and digital learning programs to international career mobility, we offer lifelong learning for our employees worldwide and an environment where innovation, delivery, and empowerment are fostered.
• Flexible working, health, and wellbeing offers (including healthcare and parental leave benefits) support balancing family and career and help our people return from career breaks with valuable experience.
• Work from home allowance.
• Comprehensive health insurance extends beyond employees to cover their loved ones.
• We offer a premium gym membership to support well-being and a healthy work-life balance.
• An on-site playroom and a variety of engaging activities are available to help employees unwind and recharge.

83458 | IT & Tech Engineering | Professional | Non-Executive | Allianz Technology | Full-Time | Permanent

About Allianz Technology:
With its headquarters in Munich, Germany, Allianz Technology is Allianz's global IT service provider and delivers IT solutions that drive the group's digitalization. With more than 11,000 employees in over 20 countries around the world, Allianz Technology is tasked with running, optimizing, transforming, and innovating the infrastructure, applications, and services together with Allianz companies to co-create the best customer experience. We service the entire spectrum of digitalization – from one of the industry's largest IT infrastructure projects that spans data centres, networks, and security, to application platforms ranging from workplace services to digital interaction. In short: We deliver comprehensive end-to-end IT solutions for Allianz in the digital age. We are the backbone of Allianz.Find us at:

Commitment to Integrity, Fairness & Inclusion:
Allianz Technology is proud to be an equal opportunity employer dedicated to fostering an inclusive work environment for everyone. We embrace individuals of all gender identities and expressions, sexual orientations, ethnicities, ages, nationalities, religions, disabilities, and philosophies of life. Ultimately, our greatest strength as a company lies in the unique skills, experiences, and backgrounds our employees contribut

To Recruitment Agencies:
Allianz Technology has an in-house recruitment team that sources great candidates directly. Therefore, Allianz Technology does not accept unsolicited resumes from agency or search firm recruiters. When we engage with recruitment agencies, the partnership is formalized by a contract. Fees will only be paid when there is a contract in place. Without a contract in place, we will not accept invoices on unsolicited resumes, even if the candidate is ultimately employed by Allianz.

---