PH - Digital Security Lead

Enable our growing remote-first team to work in a safe and secure manner...

Thinking Machines is a technology consultancy building AI & data platforms to solve high impact problems for our client. Our vision is for Southeast Asia to become a global hub for data science. To do that, we create data cultures, one organization at a time.

We’re a company made up of intellectually curious, civic-minded, forever-learning individuals. We believe that great data science products are built with care for people, and that the best way to drive inclusive innovation is to start with a diverse team.

Our field of work is incredibly dynamic, so we want to work with people who are committed to growing with us. We want to hire people who can demonstrate an ability to learn, then provide them with personalized coaching, growth opportunities, and a great working environment to get them to world-class.

Security at Thinking Machines involves healthy paranoia, automation, responsiveness, and enabling a sharp team of data professionals to innovate and build in safe boundaries. You will be responsible for ensuring the safety and security of company assets and data, cloud infrastructure, and enabling a growing remote-first team to work in a safe and secure manner. 

Your areas of responsibility may include the following:

• Provide internal consulting for security needs of the staff
  • Manage access control for various platforms and internal systems
  • Man a set of service desks for security consultations and other support requests
• Oversee security incident prevention, detection, and response
  • Design and implement an on-call policy for incident response
  • Facilitate the execution of the relevant procedures as triggered by incident reports
  • Spearhead initiatives for monitoring networks and infrastructure to enable timely detection of security issues and/or breaches 
• Manage external relationships with vendors
  • Evaluate and manage security software and vendors
  • Manage our working relationship with security consultants and other vendors who provide us with training, evaluate our security posture, and make recommendations
• Serve as an internal security consultant for enterprise clients
  • Coordinate with legal and client IT personnel to navigate security compliance questions and requirements
  • Work alongside enterprise client teams and provide guidance for developing secure project architectures in the cloud
• Administer and review internal stack of tools
  • Manage standard procedures and audit security posture for platforms such as Slack and GitHub and their various integrations
  • Interface with the operations team to purchase and roll out new software across the company
  • Oversee and execute onboarding and offboarding of employees
• Communicate and enforce security policies
  • Uphold the culture of regularly disseminating informative material to keep staff up to date with the latest security advisories and initiatives
  • Address questions, concerns, and clarifications from the staff about various security policies and best practices
• Manage the security team
  • Supervise 2-3 security and IT professionals
  • Provide feedback on the team's performance
  • Coach, mentor, and support the career goals of each team member
  • Craft and enforce sensible security policies that support the company's goals
  • Coordinate closely with various stakeholders such as Operations, Machine Learning, Engineering, and Leadership teams to build technical policies and procedures 
  • Prefer to leverage automation and educate staff instead of instituting sweeping restrictions
  • Work closely with legal and project teams to develop data governance and management strategies
  • Standardize security for our data-handling processes

• 5+ years working in digital technology, of which at least 3 years involve directly working on digital security
• Responding to data and/or security breaches
• Mentoring junior colleagues
• Proposing and leading complex security programs
  • e.g. migrating to cloud, setting up an organization on Mobile Device Management (MDM)
• Securing cloud-based applications
• Excellent communication skills and ability to create materials and deliver messages to recipients of varying backgrounds, includin just the right details for the right context

• Certification as a Professional Security Engineer on Google Cloud Platform or Amazon Web Services
• Ability to craft sensible policy in line with multiple, sometimes conflicting, stakeholder concerns, balancing between convenience, security, accommodating clients, and pushing back
• Ability to efficiently conduct independent research into new platforms, frameworks, and technologies for the purpose of evaluating their safety, security, and suitability for use in various projects

• Involvement in the white hat hacker community!

We offer the following compensation and benefits:

• Competitive salary — the compensation amount is positively correlated with the difficulty of the job, relevant experience, fit, and skill factors.

• Fully remote — due to the global pandemic, we have shifted to a fully remote company for the foreseeable future while we monitor the situation.

• Internet bonus — as we continue to work remotely, we want to ensure that you have access to a reliable connection sufficient for your work.

• Individual professional development budget— an annual budget for conferences, training courses, books, and software is available to sharpen your skills and build new ones to help you grow in your role.

• Full health benefits — generous health insurance package upon hiring.

• Regular 1:1 meetings with the leadership team to discuss career and personal goals, job progress and any questions and concerns.