· Create, implement and maintain policies, standards and guidelines covering IT Risk & Security Management (particularly in technology risks and information security risks);

· Provide oversight of policies such as the IT Risk Management Framework, Key Risk Indicators, Security Operation, and Audit Tracking, etc.;

· Advise business or IT stakeholders and project teams on IT risks and recommended controls, practices and design to mitigate the risks, including meeting compliance requirements.

· Plan and deliver communication and awareness sessions on IT risk and controls to IT or business stakeholders.

· Proactively identify risks and be responsible for the IT-BCP;

· Conduct regular reviews on security controls (e.g. access control & sanctions, architecture review, firewall/proxy rule set approval);

· Lead suitable information security awareness and training activities for users and the IT team.

· Lead all IT audit activities, including external (i.e. vendor) and internal assessments as well as all customer-related, regulatory and regional-governance audit activities;

· Work closely and liaise with internal IT auditors or regulators.

· Perform Security Incident Management & Event Log Management;

· Drive all IT Security related programs or projects.

· Work closely with information system owners and technical members to secure information and mitigate the risks;


· A Bachelor's Degree or higher in a Business-related discipline or Information Technology;

· CISM, CISSP or other related certification would be preferred 

· At least 7 years of working experience in managing IT Security and IT Risk;

· Good experience in IT Security/Risk management processes, framework, policies, standards and guidelines;

· Result oriented, with good project management skills and able to multi-task and operate within stipulated deadlines 

· Ability to communicate effectively with all levels of staff and across various organizational levels

· Ability to present proposals and answer questions with confidence and presence

· Ability to think logically and act tactically with a strong sense of responsibility

· Proven technical aptitude and understanding of interconnection between IT systems

· Knowledge of legislative (e.g. data privacy) and regulatory (e.g. financial regulatory) requirements would be preferred

· Knowledge of insurance industry would be preferred

· Business level English

Note: Tokio Marine Insurance (Thailand) PCL reserves the right to change the scope of responsibility as deemed fit as and when necessary. The staff will be informed/prepared beforehand when such occasions arise.

How to Apply

Please submit a detailed resume, stating your expected and current salary and notice period required.

Email us


Submit an online application here.