Welcome to DHL eCommerce!
We are excited to announce an exceptional opportunity within our organization for individuals seeking to join the dynamic world of DHL eCommerce. As part of our continuous growth and commitment to excellence, we are looking for talented professionals to contribute to our expanding global network.
At DHL eCommerce we provide a variety of international and domestic standard parcel delivery services in more than 35 countries around the globe. In selected markets we furthermore offer fulfillment services to customers. In line with the Group Strategy our aim is to be a leading provider of e-commerce related logistics. For this we are designing solutions across the entire DHL Group service portfolio for selected customers. As an integral part of the DHL Group, we leverage our extensive global network and cutting-edge technology to offer end-to-end e-commerce logistics solutions to our customers.
Joining our team means becoming part of a diverse and inclusive workplace culture that fosters collaboration, creativity, and personal growth. We value the unique perspectives and skills that each individual brings, and we believe that together we can achieve great things. As a global leader in logistics, DHL eCommerce offers unparalleled opportunities for career development and advancement, allowing you to unleash your full potential.
Your role
You are a Security Professional (m/f/x) with solution mindset and strong understanding of security architecture concepts, risk management and security governance. This role is responsible for defining, maintaining and enforcing security standards while also validating security controls through hands on security testing (Penetration testing, DAST and SAST). You will be based in Bangkok, TH office and be part of Information Security team for DHL eCommerce APAC region responsible for IT systems and applications used by Thailand, Malaysia and Australia.
Job Description
- Perform Security testing (Pentest, DAST and SAST) of selected business critical inhouse web and mobile applications.
- Own and lead end-to-end coordination of security testing of IT services by actively collaborating with other testing teams, Application development teams and Product Owners.
- Work closely with Regional Information Security Officer (RISO) in implementing the mandate for Information Security in APAC region.
- Consult as SME in assessment of new applications / projects being introduced to the APAC IT landscape.
- Track and report security risks, metrics and remediation progress to stakeholders
- Facilitate/Lead post test discussions among testing teams and IT project teams and direct such triages by providing due inputs from security viewpoint.
- Assisting in vendor assessment from security perspective.
- Represent InfoSec function in weekly change review meetings.
- Assist in maintaining proper record of security related activities for future audits and provide inputs for the periodic security reporting.
- Manage information security management processes, standards, and procedures to ensure control effectiveness and compliance.
- Collaborating with external Security Service Providers to ensure the cloud environment used by the APAC region is effectively secured and compliant againstDPDHL group wide ISTM/Cloud security standards.
- Effective and timely reporting of the status own area of responsibility to the RISO and management team.
- Support business and IT teams in security awareness initiatives in APAC.
- Apply knowledge of industry standard methodologies and frameworks.
Qualification
- At least 12 years of industry experience with solid background in Information Security testing and Governance, Risk Management and Compliance (GRC).
- Sound understanding of the following aspects - Secure Application and System Development, Cloud security and security project management.
- Sound understanding and hands-on working experience in Information Security testing, related tooling, utilities and market trends.
- Demonstrated knowledge and capability in risk management t o support overall regional Risk Management function.
- Verbal and written proficiency in English is required.
- Familiarity in following aspects - Business Continuity, Disaster Recovery, Security Operations, Incident Management.
- Industry recognized certifications (CompTia Security+, CISM, CRISC, CISSP etc.).
- Ability to work in a regional setup, with remote stakeholders.
- Self-starter mindset - able to own end-to-end assignments and deliver results with minimal supervision.
- Working familiarity of cybersecurity best practices, standards and frameworks e.g. ISO27000 family, OWASP Top 10 etc.
- Ability to review cloud security configuration for cloud hosted IT services (MS Azure and AWS) and guide application teams on hardening measures.
- Understanding of security breach protocols and attack vectors.
#LI-ETH
