Senior Information Security Specialist

KKCompany Technologies Group is a leading technology group in software services. We have created the worlds first legal music streaming platform, KKBOX, and are an international software technology group focused on multimedia technologies, digital cloud, and AI applications as our core business to create value for the customers. The group consists of self-owned brands including KKBOX, BlendVision, and Going Cloud with enterprise customers across Asia. KKCompany Technologies has attained OpenChain ISO/IEC 5230 and ISO 27001 third-party international certification.

We have over 500 employees across offices in Tokyo, Singapore, Taipei, Kaohsiung, and Hong Kong. For more information please visit our website: www.kkcompany.com and blog: blog.kkcompany.com

Senior Information Security Specialist

We are looking for an experienced Information Security Specialist who can operate independently and keep KKCompanys rapidly scaling business aligned with ISO/IEC 27001, ISO/IEC 27701, and other relevant security and privacy requirements. You will drive internal audits, policy development, and security-awareness initiatives while collaborating with colleagues across product, operations, and compliance to embed a security-first mindset as the company grows. If you want a role that blends strategic impact with hands-on ownership of security and privacy, youll feel right at home here.

Responsibilities:

• Lead internal audits against ISO 27000-series standards, track remediation, and manage external audit schedules and evidence.
• Develop, update, and enforce information security and privacy policies, procedures, and records to meet regulatory and standard requirements.
• Monitor developments in security and privacy regulations (e.g., PDPA) and advise on control adjustments.
• Conduct annual risk assessments, maintain the risk register, and coordinate mitigation actions across teams.
• Design and deliver security and privacy awareness training and campaigns to raise organization wide security awareness.
• Collaborate with engineering, cloud operations, legal, and external consultants to ensure controls remain effective and aligned with business needs.
  

Requirements:

• ISO/IEC 27001:2022 Lead Auditor certification, or equivalent direct audit experience.

• Minimum 2 years of experience in information security management or security audit roles, with proven experience leading ISO 27001 internal audits.

• Practical skills in drafting and maintaining security and privacy policies and procedures aligned with recognized standards.

• Familiarity with risk assessment methodologies and experience maintaining a risk register.

• Ability to design and deliver security awareness materials or training sessions for non-technical audiences.

• Comfortable reading English standards and regulations and producing concise written documents; basic spoken English for discussions when required.

• Strong interpersonal and coordination skills to work with colleagues from different functions and with external advisors.

• Familiarity with project or issue tracking tools such as GitLab or Jira, and basic project management practices.

Nice to Have:

• Background in technology, software, or cloud service companies.
• Additional certifications such as CEH, CISA, CISM, CIPM, or ISO/IEC 27701 Lead Auditor certification.
• Excellent presentation, training, or cross cultural collaboration experience.
• Demonstrated proactivity and problem solving skills, with the ability to influence multiple teams on security matters.