• Create, implement and maintain policies, standards and guidelines covering IT Risk & Security Management (particularly in technology risks and information security risks);
  • Provide oversight on policies such as the IT Risk Management Framework, Key Risk Indicators, Security Operation, Audit Tracking, etc.;
  • Advise business or IT stakeholders and project teams on IT risks and recommended controls, practices and design to mitigate the risks, including meeting compliance requirements.
  • Plan and deliver communication sessions and awareness on IT risk and controls to IT or business stakeholders.
  • Proactively identify risks and be responsible for the IT-BCP;
  • Conduct regular reviews on security controls (e.g. access control & sanctions, architecture review, firewall/proxy rule set approval);
  • Ensure all quality processes continue to operate effectively.
  • Lead suitable information security awareness and training activities for users and the IT team.
  • Lead all IT audit activities, which shall include the external (i.e. vendor) and internal assessments as well as all customer related, regulatory, as well as regional-governance audit activities;
  • Work closely and liaise with internal IT auditors or regulators.
  • Perform Security Incident Management & Event Log Management;
  • Conduct Vulnerability & Threat Management reviews and supervise Penetration Testing as required;
  • Drive all IT Security related programs or projects.
  • Initiate, facilitate, and promote ongoing education activities to create IT security and incident response awareness for all staff;
  • Coordinate the project plans for IT Security related activities, monitor, track and escalate as required;
  • Work closely with information system owners and technical members to secure information and mitigate the risks;
  • Any other tasks as assigned by Superior

Education Level

  • Degree in Computer Science or Information Technology
  • CISM, CISSP or other related certification would be preferred

Skills / Experiences

  • At least 3 years of working experience in managing IT Security and IT Risk;
  • Good experience in IT Security/Risk management processes, framework, policies, standards and guidelines;
  • Result oriented, with good project management skills and able to multi-task and operate within stipulated deadlines
  • Ability to communicate effectively with all levels of staff and across various organizational levels
  • Ability to present proposals and answer questions with confidence and presence
  • Ability to think logically and act tactically with a strong sense of responsibility
  • Proven technical aptitude and understanding of interconnections between IT systems
  • Knowledge of legislative (e.g. data privacy) and regulatory (e.g. financial regulatory) requirements would be preferred
  • Knowledge of the insurance industry would be preferred
  • Business level English
Note: Tokio Marine Insurance (Thailand) PCL reserves the right to change the scope of responsibility as deemed fit as and when necessary. The staff will be informed/prepared beforehand when such occasions arise.



May 03, 2016


Information Technology




Head Office, South Sathorn Road

How to Apply

Please submit a detailed resume, stating your expected and current salary and notice period required.

Email us




Submit an online application here.