Thales is a global technology leader trusted by governments, institutions and enterprises to tackle their most demanding challenges. From quantum applications and artificial intelligence to cybersecurity and 6G innovation, our solutions empower critical decisions rooted in human intelligence. Operating at the forefront of aerospace and space, cybersecurity and digital identity, we're driven by a mission to build a future we can all trust.
In Singapore, Thales has been a trusted partner since 1973, originally focused on aerospace activities in the Asia-Pacific region. With 2000 employees across three local sites, we deliver cutting-edge solutions across aerospace (including air traffic management), defence and security, and digital identity and cybersecurity sectors. Together, we're shaping the future by enabling customers to make pivotal decisions that safeguard communities and power progress.
Overall Purpose of Job
The Thales CDI Business and Product Security GRC Manager is responsible and accountable for Security Governance and Oversight for all Thales CDI Business Security, including Operations, Product and Outsourced activities (Manufacturing, Personalization, Software Development, etc.) in APAC. This includes Physical / Logical Security Operations & Certifications compliance to ensure the deployment, implementation and enforcement of security policies and practices are in accordance with Thales CDI and Regulatory Security Requirements.
Key Activities / Responsibilities
Reporting to the CDI Regional Security Director, the role is responsible and accountable for Security Governance and Oversight of CDI Asia Business Security, including Operations, Product and Outsourced activities (Manufacturing, Personalization, Software Development, etc.).
Act as the Tactical Process Manager, bridging security personnel and organizational leaders to facilitate achievement of strategic security objectives.
Oversee business and operational security management related to, but not limited to, personnel, physical, production and IT security across various Secure Product manufacturing and personalization sites within the region (Module, Card, Document & ID).
Act in alignment with the Corporate Security Management System and policies to support site security management covering all aspects: personnel, physical, logical and IT security for relevant business activities and operations within scope.
Ensure information security oversight at Asia regional sites complies with organizational security requirements, certifications and applicable regulations.
Serve as a Subject Matter Expert (SME) for stakeholders across Asia on security-related queries and issues, providing solutions aligned with compliance and risk management standards.
Provide expert advisory and guidance to sites for achieving and maintaining required accreditations and ongoing compliance with security regulations, in accordance with regulatory requirements and applicable standards such as GSMA-SAS, ISO 14298, ISO 27001, PCI-CP, etc. (with accountability for outcomes).
Act as Regional (PoC) for Industry 4.0 initiatives for Manufacturing and Banking activities. Ensure design, implementation and management of digitization, IoT and SCADA infrastructure/software meet all applicable standards and security requirements; contribute to security evaluations of IoT solutions in other regions.
Conduct risk assessments and regular audits for internal and external stakeholders in accordance with accreditation or corporate standards; recommend corrective actions and verify the implementation of security controls.
Ensure that security risks and issues are appropriately identified, managed and mitigated in a measurable manner, following corporate policies and customer requirements.
Accountable for assuring that the Regional Site Security Management System (SMS) meets regulatory requirements and that Security KPIs are achieved for all CDI sites and business activities under the scope of the role.
Experience and familiarity with Cloud Security to ensure GRC and assurance for business cloud security, including AWS, Azure, GCP, Kubernetes, serverless and data protection practices.
Act as domain expert and trusted advisor, providing management with inputs and recommendations to ensure proactive management of risks and protection of CDI customer and partner information assets and data.
Accountable for developing a security assurance plan and conducting internal cross-site audits across the Asia region, ensuring controls and audit trails are effectively implemented to safeguard company assets.
Accountable for Security Assurance oversight and reporting of all business security risks and compliance in scope of the role, including, but not limited to, Physical, Logical, Operations, Data Protection, R&D, Product and security of outsourced operations and providers.
Partner with business owners and departments to ensure security requirements are defined and effectively deployed within all production sites and outsourced manufacturing activities.
Lead and manage investigations related to any security breaches that significantly impact the business, ensuring thorough analysis and remediation.
Consistently adhere to and promote compliance with CDI Quality, Health, Safety, Environmental and Security policies and requirements throughout the performance of all duties.
Undertake any special projects or assignments as specified, as and when required.
JOB REQUIREMENTS
Knowledge and Skills
Operational, Physical and IT Security knowledge and experience.
Cyber & Cloud: Practical understanding of Cloud Security (AWS/Azure/GCP), containerization (Kubernetes) and securing IoT/SCADA environments (Industry 4.0).
Knowledge of GSMA, PCI and ISO security standards as well as Data Protection regulations (GDPR/PDPA).
Risk Management: Expertise in conducting formal risk assessments and business impact analyses.
Relevant Operational Security & Management experience in Data Centre, Manufacturing & Adjacent industries.
Excellent knowledge of the security challenges in high-tech environments in Singapore & the APAC region is desirable.
Education Qualifications and Special Training
Bachelor's Degree in an IT-related field or equivalent.
Strong communication (Oral & Written).
IT & Operational Security experience is an advantage.
CISSP, CISA, CISM certification is preferred.
Security auditing experience will be an added advantage.
Experience
10 years of progressive experience in IT / IT Security, Security Governance, Risk and Compliance (GRC), ideally within high-security manufacturing, data center and adjacent industries.
Proven track record of managing security oversight across multiple sites in the Asia-Pacific region.
Audit Expertise: 3 years of experience leading external audits for GSMA-SAS, PCI-CP or ISO 27001 certifications.
Investigative experience and an ability to prepare and present comprehensive written reports and documents.
Special Requirements (Tools and Equipment Used, External Contacts, etc.)
GRC tools and security dashboards (e.g. Splunk, Grafana, Kibana, Power BI) to manage and report on security posture.
Able to travel 20-30% of time within Asia as needed.
At Thales, we're committed to fostering a workplace where respect, trust, collaboration and passion drive everything we do. Here, you'll feel empowered to bring your best self, thrive in a supportive culture, and love the work you do. Join us and be part of a team reimagining technology to create solutions that truly make a difference for a safer, greener and more inclusive world.
Required Experience:
Manager