Job Role:
The Senior Manager, IT Security, Risk & Governance is responsible for maintaining and enhancing Filtrona’s global IT security posture, ensuring alignment with business needs and regulatory requirements. This role manages and optimizes existing security capabilities, oversees compliance and risk governance activities, and works closely with both technical teams and business stakeholders to ensure that security measures are effective yet pragmatic — protecting the organization without creating unnecessary barriers to operations.
The role acts as a key point of coordination for the day-to-day execution of the security, risk, and compliance program, working with Managed Service Providers (MSPs), IT teams, and business units to ensure the organization continues to derive value from its cybersecurity investments.
The Senior Manager will also play a key part in the assessment of software and projects that Filtrona business functions propose. They will ensure thorough security assessments are completed, risks are highlighted through the architecture board process, and appropriate controls are agreed and delivered as part of any implementation.
Key Responsibilities:
Security Operations & Optimization
- Maintain and continually optimize the technical IT security environment (firewalls, identity access, endpoint security, vulnerability management, SIEM, email security, etc.) in coordination with MSPs.
- Ensure operational security controls are effective, fit-for-purpose, and business-friendly.
- Support the proactive identification, analysis, and remediation of security vulnerabilities and incidents.
- Contribute to the ongoing maturity of internal security monitoring and incident response processes.
- Manage the cybersecurity budget, negotiate renewals, and ensure cybersecurity spend delivers value to Filtrona.
Risk Management & Compliance
- Coordinate the implementation of IT security policies, standards, and procedures in line with ISO 27001, NIST, GDPR, PDPA, and other regulatory requirements.
- Lead the execution of security audits, risk assessments, and compliance reviews.
- Manage the IT risk register, ensuring timely mitigation actions and status updates.
- Assist business teams in meeting compliance requirements for customer audits or legal obligations.
Governance & Awareness
- Serve as a subject matter expert for IT governance, risk, and compliance (GRC) topics.
- Promote security awareness across the organization through training and communication.
- Ensure documentation of policies, processes, and controls is maintained and accessible.
- Monitor external threat intelligence sources to identify risks relevant to the business.
Collaboration & Stakeholder Engagement
- Work closely with business units to ensure security controls are pragmatic and aligned with operational needs.
- Balance security and usability — avoiding unnecessary friction while upholding protection standards.
- Collaborate with internal IT teams, solution architects, and project managers to ensure new projects follow security guidelines and governance frameworks.
- Coordinate activities with the Enterprise Architect, IT Infrastructure Manager, and other verticals, and contribute to the Technology Design Authority (TDA) where required.
Key Requirements:
- Bachelor’s/Master’s degree in Computer Science, Information Systems, Cybersecurity, or a related field.
- 6+ years of experience in IT security operations, governance, risk management, or compliance roles.
- Practical experience working with security technologies such as SIEM, endpoint protection, identity and access management (IAM), firewalls, and vulnerability management tools.
- Working knowledge of ISO 27001, NIST, PDPA, GDPR, or other relevant regulatory frameworks.
- Security certifications such as CISM, CISSP, CISA, or equivalent are preferred.
- Familiarity with hybrid cloud environments and third-party risk governance.
- Strong analytical and risk-based decision-making skills.
- Effective communicator with the ability to translate complex security topics for business stakeholders.
- Capable of managing vendor relationships and ensuring accountability from MSPs.
- Practical and business-oriented mindset with attention to usability and impact of security controls.
- Problem-solving approach with a continuous improvement mindset.