Job Description
The IT Security Compliance Specialist is responsible for ensuring that ABACUS digital's information technology systems, processes, and procedures comply with internal policies and external regulatory requirements. They must maintain a strong knowledge of industry standards and best practices related to information security, compliance, and risk management. They collaborate with various departments, including development, delivery, risk, and data analytics, to ensure that information security practices are integrated into business operations, and they coordinate with external auditors to assess compliance with applicable regulations.
What you will do
Develop and maintain information security policies, procedures, and guidelines in accordance with industry standards and regulatory requirements
Monitor and assess ABACUS digital's information security risks, vulnerabilities, and threats, and provide recommendations for mitigating these risks
Collaborate with the delivery teams to implement and maintain effective security controls, including secure coding, system monitoring, and incident response
Conduct security assessments and audits to ensure compliance with applicable regulations, such as ISO 27001, ISO 27701, SOC II, and PDPA
Serve as a liaison with external auditors and regulators to provide evidence of compliance and facilitate audits and assessments
Develop and deliver information security training and awareness programs to educate employees on information security policies and procedures
Participate in incident response activities, including conducting investigations, providing technical expertise, and developing remediation plans
Stay up-to-date on the latest information security trends, technologies, and best practices, and provide recommendations for improving the organization’s security posture
What we are looking for
Bachelor's degree in Computer Science, Information Technology, or a related field
3-5 years of experience in IT security and compliance, including experience with regulatory compliance frameworks such as ISO 27001 and the PDPA law
Strong knowledge of information security principles, practices, and technologies, including network security, access controls, cryptography, and security operations
Experience with security assessments, audits, and compliance reporting.
Strong analytical and problem-solving skills, with the ability to assess and mitigate security risks and vulnerabilities
Excellent communication and interpersonal skills, with the ability to collaborate with various departments and communicate technical information to non-technical stakeholders
Professional certifications such as CISSP, CISM, or CISA are preferred.
IT • Bangkok, TH