Wongnai.com

Senior Security Governance

5-7 Years

This job is no longer accepting applications

  • Posted a month ago

Job Description

About LINE MAN Wongnai

LINE MAN Wongnai is Thailand's leading on-demand delivery and lifestyle e-commerce platform. We build technology to help Thai people live better and to empower all local businesses by creating an end-to-end food ecosystem through our channels, LINE MAN and Wongnai. We have connected consumers, riders, and local businesses and improved the daily life of all parties with restaurants nationwide. And because we are local, we provide the deepest variety and services that are tailor-made for Thai people.

We are looking for a Senior Security Governance professional to design and operate scalable security governance, risk, and compliance (GRC) controls across the organization. This is a hands-on, engineering-aligned role focused on translating security, regulatory, and contractual requirements into practical, automatable controls embedded directly into developer workflows, not run as a separate governance function. You will partner closely with Security, Engineering, IT, Product, and Compliance teams to ensure governance is clear, measurable, and consistently applied across modern cloud-native environments.

What you do:

Security Governance, Policy & Control Design

  • Design, implement, and evolve scalable security governance frameworks, including policies, standards, control objectives, and lifecycle management
  • Translate regulatory, contractual, and internal requirements into practical, auditable security controls aligned with engineering and operational workflows
  • Own control design, documentation, validation, review cadence, exception handling, risk acceptance, and deprecation
  • Maintain alignment with external frameworks (e.g., ISO 27001, NIST, PCI DSS) while minimizing duplication and audit fatigue

Risk, Control Operations & Assurance

  • Perform security risk assessments, control gap analyses, and governance reviews across systems, services, and third parties
  • Design and maintain cross-framework control mappings and track control effectiveness, remediation progress, and risk decisions over time
  • Support audits and assessments by producing clear, high-quality, and defensible evidence
  • Operate governance workflows for exceptions, risk acceptance, periodic reviews, and renewals

Security Insights, Engineering Enablement & Collaboration

  • Oversee governance implications of vulnerabilities across applications, cloud, identity, source code, and third-party dependencies
  • Review findings from scans, penetration tests, audits, and incidents to assess root causes and drive governance or control improvements
  • Ensure remediation, mitigation, or risk acceptance aligns with defined security standards and policies
  • Partner closely with engineering and product teams to embed governance into SDLC, CI/CD, and cloud workflows, acting as a trusted advisor rather than an enforcer

What you need to succeed in this role:

  • 5+ years of experience in security governance, risk, compliance, or a closely related security role, with demonstrated ownership of security controls, policies, and risk processes
  • Proven experience designing and maintaining security policies, standards, and control frameworks
  • Hands-on experience mapping and operating controls aligned with frameworks such as ISO 27001, NIST, PCI DSS, and relevant local regulatory requirements (e.g., BOT, AMLO)
  • Experience performing risk assessments, control gap analyses, and risk treatment planning
  • Demonstrated ability to support audits and regulatory assessments by producing high-quality, defensible evidence
  • Experience operating exception, risk acceptance, and control deviation processes
  • Practical understanding of security concepts across cloud, applications, identity, and third-party risk
  • Experience partnering with technical teams to embed governance into SDLC, cloud, and operational workflows

It would be great if you have:

  • Ability to clearly explain security controls in practical, non-theoretical terms, with strong judgment in balancing risk, usability, and business impact
  • Proven track record of improving security governance maturity while minimizing friction in high-velocity, fast-evolving delivery environments
  • Experience operating security governance in development-driven organizations, including SaaS, cloud-native platforms, and regulated industries such as financial services
  • Confidence influencing engineering and product teams through clarity, trust, and credibility rather than authority
  • Familiarity with governance and control processes, including evidence collection and GRC workflows, supported by relevant security or risk certifications (e.g., ISO 27001, CISSP, CISM, CRISC)

Job ID: 141715481
