Regional Business, Cybersecurity Risk & Compliance Manager

Job Summary:

We are seeking an experienced Cybersecurity Risk and Compliance professional to lead and oversee Business security governance across Thales DIS Asia’s Business, Manufacturing, R&D, and outsourced operations. The role focuses on ensuring compliance with ISO27001 and other relevant standards, managing security risks, and implementing GRC tools and processes.

Responsibilities:

• Lead Business Security Governance & Oversight for Asia operations, ensuring alignment with corporate policies and regulatory standards.
• Implement and maintain site security operation processes across personnel, physical, IT, and production environments.
• Ensure ISO27001 compliance and support other certifications (e.g., PCI-CP CC/EMVCo, GSM-SAS).
• Act as Subject Matter Expert (SME) for security-related queries, risk mitigation strategies, certifications and upkeep of ongoing security & regulatory requirements
• Conduct risk assessments, audits, and support accreditation efforts across internal and outsourced activities.
• Develop and maintain the Security Management System (SMS) and ensure KPI compliance.
• Collaborate with business leaders to deploy security frameworks and controls.
• Lead investigations into security incidents and provide actionable reports.
• Monitor and advise on cloud security, including AWS, Azure, GCP, Kubernetes, serverless, and data protection practices.
• Utilize GRC tools and security dashboards (e.g., Splunk, Grafana, Kibana, Power BI) to manage and report on security posture.
• Any other special projects as specified, as and when required.
• Travel within Asia (20–30%) to support regional security operations.

Requirements:

• Bachelor’s degree in IT or related field.
• Minimum 8 years of experience in IT Security or Audit.
• Certifications preferred: CISSP, CISA, CISM.
• Strong knowledge of IT and OT security, cloud security, and data protection.
• Experience with security incident investigation, policy development, and audit planning.
• Familiarity with ISO27001, industry standards, and GRC platforms.
• Excellent communication, analytical, and problem-solving skills.
• Ability to work independently and collaboratively across teams.