Head of IT Security & Compliance

tiket.com

Daerah Khusus Ibukota Jakarta

On-site

USD 35.000 - 60.000

Full time

20 days ago

Job summary

A leading company in the travel sector is seeking a Cybersecurity Leader to drive its security and compliance strategies. This role involves overseeing daily security operations, managing risk assessments, and ensuring adherence to global standards. The ideal candidate will have over 12 years of IT security experience and a proven leadership track record, positioning the company to protect its 50+ million users effectively.

Qualifications

  • 12+ years in IT security, 5+ in leadership.
  • Experience in cloud security (AWS, GCP, Azure).
  • Strong familiarity with GDPR, ISO 27001, SOC 2.

Responsibilities

  • Lead cybersecurity, compliance, and IT risk strategy.
  • Monitor security operations including threat detection.
  • Conduct internal and external security audits.

Skills

IT security
cybersecurity
compliance
risk management
cloud security

Education

CISSP
CISM
CISA
CRISC

Job description

We think you also hate it when a travel app gives you a headache, right? A little misinformation can ruin the trip.

That is exactly what we are tackling as t-fam! Making sure that our 50+ million users have the best experience in crafting their own adventure.

Your main duties in flying with us

  • Lead and execute the company’s cybersecurity, compliance, and IT risk strategy in alignment with business goals.
  • Oversee daily security operations, including threat detection, incident response, and vulnerability management across all environments.
  • Ensure compliance with ISO 27001, SOC 2, PCI-DSS, GDPR, PDPA, and other global standards.
  • Manage enterprise risk assessments, mitigation planning, and control validations.
  • Develop, enforce, and maintain security policies, standards, and procedures.
  • Monitor and respond to emerging threats, vulnerabilities, and compliance requirements.
  • Conduct and manage internal and external security audits and interface with third-party auditors.
  • Review and enhance business continuity, disaster recovery, and incident response plans.
  • Monitor security reports and resolve identified issues promptly.
  • Leverage security tools to detect, log, and prevent unauthorized access and data loss.
  • Support security integration in new technology deployments and project deliveries.
  • Drive a security-by-design approach in collaboration with product, engineering, legal, and GRC teams.
  • Promote security awareness and lead organization-wide training initiatives.
  • Build, lead, and mentor a high-performing security and technology compliance team.
  • Collaborate with stakeholders across departments and executive leadership.
  • Track and report security risks and continuous improvement opportunities.
  • Research and recommend new security technologies and practices.
  • Operate and improve the Information Security Management System (ISMS).
  • Deliver cyber assurance, governance, and IT quality compliance programs.
  • Lead security strategy and execution for cloud services and platforms.
  • Stay current with global security trends and evolving threat landscapes.

Mandatory belongings that you must prepare

  • 12+ years of experience in IT security, including at least 5 years in a leadership role within a digital-native or high-growth tech company.
  • Proven track record in managing security and compliance programs across multiple regions and jurisdictions.
  • Deep knowledge of cloud security (AWS, GCP, Azure), DevSecOps, identity & access management, and zero-trust architecture.
  • Strong familiarity with global regulatory frameworks and standards (e.g., GDPR, ISO 27001, SOC 2, NIST).
  • Experience navigating audits, certifications, and interfacing with regulatory bodies.
  • Excellent stakeholder management and communication skills, especially with executive leadership and board-level audiences.
  • Industry certifications (e.g., CISSP, CISM, CISA, CRISC) are a strong plus.

In the event that you haven’t received any updates after 3 weeks, your data will be kept and we may contact you for another career destination. Meanwhile, discover more about tiket.com on Instagram, LinkedIn, or YouTube.
