Manager, IT Security

We’re hiring a hands‑on IT Security Manager to own product, cloud, and corporate security across Pixlr. You’ll define and run our security program, from policy and risk to AppSec and incident response, while partnering closely with Engineering, IT, Product, Legal, and Operations.

• Establish and maintain the security policy stack, aligned with ISO 27001, SOC 2 controls, and applicable privacy regulations (e.g., PDPA, GDPR).
• Conduct security risk assessments, vendor and third‑party reviews, and data classification activities.
• Support audit readiness through evidence collection, control testing, and maintenance of security control mappings.

• Embed security practices within the software development lifecycle, including threat modelling, secure coding standards, and security reviews.
• Own and operate application security tooling within CI/CD pipelines, including static, dynamic, and dependency analysis.
• Guide engineering teams on secure design principles, OWASP Top 10, API security, and supply‑chain risk considerations.

• Implement and operate cloud security controls across AWS environments, including identity management, logging, monitoring, and threat detection services.
• Define baseline hardening standards, guardrails, and policy‑as‑code controls for cloud and infrastructure environments.
• Drive container, serverless, and data protection security practices, including encryption and key management.

• Develop and maintain incident response plans and coordinate security incident handling with Engineering and IT teams.
• Operate centralised security logging, alerting, and detection capabilities.
• Maintain business continuity and disaster recovery security requirements, including backup and recovery verification.

• Enforce identity lifecycle management and access controls across cloud platforms, SaaS systems, and data environments.
• Partner with Legal and Data teams on privacy impact assessments, data retention practices, and data loss prevention controls.

• Deliver security awareness and role‑based training for engineering, product, and operations teams.
• Define and track security operational metrics to monitor risk, control coverage, and remediation effectiveness.
• Balance security requirements with delivery velocity and cost considerations through cross‑functional collaboration.

• 6–10 years of experience in IT or application security, including ownership of security programmes or AppSec/CloudSec functions.
• Strong hands‑on experience with application security, secure SDLC practices, and vulnerability management.
• Practical expertise in AWS security services, identity and access management, and cloud security monitoring.
• Experience with common security tooling, including SAST, DAST, dependency scanning, secret management, and security logging platforms.
• Solid understanding of security governance frameworks and regulatory principles, including ISO 27001, SOC 2, PDPA, and GDPR.
• Proven ability to lead incident response activities and communicate security risks clearly to technical and non‑technical stakeholders.

• Certifications: CISSP, CCSP, AWS Security Specialty, ISO 27001 Lead Implementer/Auditor.
• Experience with creative/EdTech or high‑scale consumer SaaS; exposure to SOC 2/ISO27001 journeys and GRC platforms (e.g., Drata/Vanta).
• Container/Kubernetes security, serverless security, and SBOM/supply chain practices.

• Annual Leaves- Additional annual leave will be credited to you on a yearly basis.
• Medical and Insurance Coverages - We have got you covered.
• Subsidies - Enhancing your well‑being, you will receive optical and dental subsidies.
• Opportunities - Above training and guidance, you will have the opportunity to try, to build your confidence and become your best self, and to interact and build a strong relationship.
• Rocking Diversity- Play hard, work harder with people of diverse skill sets and experiences! Challenge yourself to step out of your comfort zone, and you'll find yourself growing in ways you’d never imagine.