Regional Manager, Business Security & Governance

Location: Singapore, Singapore

Thales people architect identity management and data protection solutions at the heart of digital security. Business and governments rely on us to bring trust to the billons of digital interactions they have with people. Our technologies and services help banks exchange funds, people cross borders, energy become smarter and much more. More than 30,000 organizations already rely on us to verify the identities of people and things, grant access to digital services, analyze vast quantities of information and encrypt data to make the connected world more secure.

Thales established its presence in Singapore in 1973 to support the expansion of aerospace-related activities in the Asia-Pacific region. Throughout the last four decades, the company grew from strength to strength and is today involved in the primary businesses of Aerospace (including Air Traffic Management), Defence & Security, Ground Transportation and Digital Identity & Security. Thales today employs over 2,100 people in Singapore across all its business areas.

Responsibilities:

• Reporting to Asia CDI Security Director is responsible & accountable for Security Governance and Oversight for Thales DIS Asia Business, R&D and Outsourced activities (Manuf / SW Dev etc).
• Ensure that site security processes and procedures are setup and operated in accordance with Corporate and Site Security Polices & requirements.
• Support as needed site security management on all aspects of personnel, physical, production and IT security at the various card, secured documents production and personalization sites within the region responsible.
• Acting in accordance with the Corporate Security Management System and Policy to support the related site security management on all aspects of personnel, physical, logical, IT security at all Asia R&D / Outsource Manuf activities.
• Ensure the oversight of information security for the related sites in Asia region are in accordance to required org security requirements and compliance to applicable certification and regulatory requirements.
• Serves as a SME for the related stakeholders in Asia region in regard to any security queries, issues and provide appropriate solutions in line with the required compliance and risk level
• Support the sites in obtaining accreditation and then ensure ongoing compliance with the security regulatory requirements in respect for business / R&D security activities as per applicable standards such (CC/EMVCo, ISO27001, GSM-SAS etc).
• Cloud Platform Expertise: Deep understanding of security best practices and native security services within major cloud platforms (e.g., AWS, Azure, GCP). Specify which platforms are most relevant to your organization.
• Container and Kubernetes Security: Understanding of security best practices for containerized applications and orchestration platforms like Kubernetes in cloud environments.
• Serverless Security: Awareness of the unique security challenges and best practices associated with serverless computing (e.g., AWS Lambda, Azure Functions).
• Cloud Data Security: Expertise in implementing data loss prevention (DLP), encryption at rest and in transit, data masking, and other data security controls specific to cloud storage and databases.
•  Perform Risk Assessment and regular audits for both internal and external stakeholders as per Accreditation or Corporate Standards and recommend and verify the implementation of solutions/controls.
• Ensure that Security risks and issues are appropriately managed in a measurable way and in accordance with Corporate policies and customer requirements
• Develop and maintain the Site Security Management System (SMS) to fulfill the regulatory requirements and ensure all Security KPI compliance to ensure & achieve desired level of security for   Sites & Business Activities.
• Provide inputs and recommendations to management and take necessary steps to propose the security controls needed to protect information and assets as well as all business data and information of customers and partners.
• Act as the Tactical Process Manager between personnel responsible for security and organizational leaders to help organization achieve its strategic security objectives.
• Formulate security audit plan with Asia Security Director and perform internal cross-site audits in Asia region to ensure that controls and audit trials are in place to protect company assets.
•  Monitor all security activities (Logical & Physical) and advice the management team on all matters concerning card/secured documents production security, IT system security as well as outsourced activities.
• To work with all business owners and departments to ensure the security requirements and deployment of security framework in all production sites as well as outsourced manufacturing activities.
• Lead and manage the investigation of any security breaches that has significantly impact to the business.
•  Any other special projects as specified, as and when required.

The job holder shall always during the employment with the company, respect and comply with the   Quality, Health, Safety, Environmental & Security requirements during the performance of his/her duties.

Requirements:

• Bachelor Degree in IT related field or equivalent
• Strong communication (Oral & Written).
• IT security knowledge & experience.
• Operational IT Security is an advantage
• CISSP, CISA, CISM certification is preferred.
• Security auditing experience will be added advantage.
• At least 8 years of experience of IT Security or Audit experience in established firm preferred,
• Experience in security incident investigation and report writing.
• Experience to present & communicate at all levels of the org .
• High degree of integrity, confidentiality, and discretion.
• Strong interpersonal and communication skills required;
• Ability to interact and communicate effectively at all levels;
• Independent, approachable & analytical;
• Able to remain calm and effective under pressure.
• Strong interpersonal and communication skills (written and verbal).
• Demonstrated knowledge and experience in Operational Technology (OT) and Information Technology (IT) Security.
• Solid understanding of security principles, frameworks, and best practices.
• Experience in conducting security risk assessments and audits.
• Familiarity with relevant security standards and regulations (e.g., ISO 27001, specific industry standards).
• Proven ability to develop and implement security policies and procedures.
• Strong analytical and problem-solving skills.
• Self-motivated with a proactive and responsible attitude.
• Ability to work independently and collaboratively.
• Experience in security within a manufacturing or related industry.
• Knowledge of cloud security principles and practices (mention specific platforms if crucial, e.g., "familiarity with AWS or Azure security concepts").
• Understanding of container and Kubernetes security concepts.
• Awareness of serverless security considerations.
• Experience with data loss prevention (DLP) and data encryption techniques.
• Familiarity with embedded programming fundamentals (if relevant to the role's scope).
• Experience with Security GRC tools and processes &
• Experience security dashboard platforms (e.g., Splunk, Grafana, Kibana, Power BI) is a plus.
• Able to travel 20-30% of time within Asia as needed.

At Thales we provide CAREERS and not only jobs. With Thales employing 80,000 employees in 68 countries our mobility policy enables thousands of employees each year to develop their careers at home and abroad, in their existing areas of expertise or by branching out into new fields. Together we believe that embracing flexibility is a smarter way of working. Great journeys start here, apply now!