Location: Singapore, Singapore
Thales is a global technology leader trusted by governments, institutions, and enterprises to tackle their most demanding challenges.
From quantum applications and artificial intelligence to cybersecurity and 6G innovation, our solutions empower critical decisions rooted in human intelligence.
Operating at the forefront of aerospace and space, cybersecurity and digital identity, we’re driven by a mission to build a future we can all trust.
In Singapore, Thales has been a trusted partner since 1973, originally focused on aerospace activities in the Asia-Pacific region.
With 2,000 employees across three local sites, we deliver cutting-edge solutions across aerospace (including air traffic management), defence and security, and digital identity and cybersecurity sectors.
Together, we’re shaping the future by enabling customers to make pivotal decisions that safeguard communities and power progress.
Responsibilities:
Reporting to Asia CDI Security Director is responsible & accountable for Security Governance and Oversight for Thales DIS Asia Business, R&D and Outsourced activities (Manuf / SW Dev etc).Ensure that site security processes and procedures are setup and operated in accordance with Corporate and Site Security Polices & requirements.Support as needed site security management on all aspects of personnel, physical, production and IT security at the various card, secured documents production and personalization sites within the region responsible.Acting in accordance with the Corporate Security Management System and Policy to support the related site security management on all aspects of personnel, physical, logical, IT security at all Asia R&D / Outsource Manuf activities.Ensure the oversight of information security for the related sites in Asia region are in accordance to required org security requirements and compliance to applicable certification and regulatory requirements.Serves as a SME for the related stakeholders in Asia region in regard to any security queries, issues and provide appropriate solutions in line with the required compliance and risk levelSupport the sites in obtaining accreditation and then ensure ongoing compliance with the security regulatory requirements in respect for business / R&D security activities as per applicable standards such (CC/EMVCo, ISO27001, GSM-SAS etc).Cloud Platform Expertise: Deep understanding of security best practices and native security services within major cloud platforms (e.g., AWS, Azure, GCP).
Specify which platforms are most relevant to your organization.Container and Kubernetes Security: Understanding of security best practices for containerized applications and orchestration platforms like Kubernetes in cloud environments.Serverless Security: Awareness of the unique security challenges and best practices associated with serverless computing (e.g., AWS Lambda, Azure Functions).Cloud Data Security: Expertise in implementing data loss prevention (DLP), encryption at rest and in transit, data masking, and other data security controls specific to cloud storage and databases. Perform Risk Assessment and regular audits for both internal and external stakeholders as per Accreditation or Corporate Standards and recommend and verify the implementation of solutions/controls.Ensure that Security risks and issues are appropriately managed in a measurable way and in accordance with Corporate policies and customer requirementsDevelop and maintain the Site Security Management System (SMS) to fulfill the regulatory requirements and ensure all Security KPI compliance to ensure & achieve desired level of security for Sites & Business Activities.Provide inputs and recommendations to management and take necessary steps to propose the security controls needed to protect information and assets as well as all business data and information of customers and partners.Act as the Tactical Process Manager between personnel responsible for security and organizational leaders to help organization achieve its strategic security objectives.Formulate security audit plan with Asia Security Director and perform internal cross-site audits in Asia region to ensure that controls and audit trials are in place to protect company assets. Monitor all security activities (Logical & Physical) and advice the management team on all matters concerning card/secured documents production security, IT system security as well as outsourced activities.To work with all business owners and departments to ensure the security requirements and deployment of security framework in all production sites as well as outsourced manufacturing activities.Lead and manage the investigation of any security breaches that has significantly impact to the business. Any other special projects as specified, as and when required.The job holder shall always during the employment with the company, respect and comply with the Quality, Health, Safety, Environmental & Security requirements during the performance of his/her duties.
Requirements:
Bachelor Degree in IT related field or equivalentStrong communication (Oral & Written).IT security knowledge & experience.Operational IT Security is an advantageCISSP, CISA, CISM certification is preferred.Security auditing experience will be added advantage.At least 8 years of experience of IT Security or Audit experience in established firm preferred,Experience in security incident investigation and report writing.Experience to present & communicate at all levels of the org .High degree of integrity, confidentiality, and discretion.Strong interpersonal and communication skills required;Ability to interact and communicate effectively at all levels;Independent, approachable & analytical;Able to remain calm and effective under pressure.Strong interpersonal and communication skills (written and verbal).Demonstrated knowledge and experience in Operational Technology (OT) and Information Technology (IT) Security.Solid understanding of security principles, frameworks, and best practices.Experience in conducting security risk assessments and audits.Familiarity with relevant security standards and regulations (e.g., ISO 27001, specific industry standards).Proven ability to develop and implement security policies and procedures.Strong analytical and problem-solving skills.Self-motivated with a proactive and responsible attitude.Ability to work independently and collaboratively.Experience in security within a manufacturing or related industry.Knowledge of cloud security principles and practices (mention specific platforms if crucial, e.g., familiarity with AWS or Azure security concepts).Understanding of container and Kubernetes security concepts.Awareness of serverless security considerations.Experience with data loss prevention (DLP) and data encryption techniques.Familiarity with embedded programming fundamentals (if relevant to the role's scope).Experience with Security GRC tools and processes &Experience security dashboard platforms (e.g., Splunk, Grafana, Kibana, Power BI) is a plus.Able to travel 20-30% of time within Asia as needed.At Thales, we’re committed to fostering a workplace where respect, trust, collaboration, and passion drive everything we do.
Here, you’ll feel empowered to bring your best self, thrive in a supportive culture, and love the work you do.
Join us, and be part of a team reimagining technology to create solutions that truly make a difference – for a safer, greener, and more inclusive world.