Cybersecurity Officer

At Toku, we create bespoke cloud communications and customer engagement solutions to reimagine customer experiences for enterprises. We provide an end-to-end approach to help businesses overcome the complexity of digital transformation in APAC markets and enhance their CX with mission-critical cloud communication solutions. Toku combines local strategic consulting expertise, bespoke technology, regional in-country infrastructure, connectivity and global reach to serve the diverse needs of enterprises operating regionally.

This role offers broad exposure over a number of information security aspects, including GRC, InfoSec, Cybersecurity and more. In addition, you be part of a new and growing security function at Toku, and will be highly visible across stakeholders and teams, liaising regularly with senior architecture, development, cybersecurity and network stakeholders both in-house and externally. Join us as we strengthen our security posture, inspire a culture of compliance, and drive our organization towards a secure and resilient future.

**What would you be doing?**
- Identify and evaluate existing security risks, both in-house and on client projects, and implement enhancements.
- Develop and implement comprehensive cybersecurity policies and procedures.
- Formulate and institute robust policies, procedures, and standards for secure technology utilization.
- Provide Information Security advisory services, focusing on cybersecurity strategy and governance.
- Attend client site meetings, answering clients’ risk management and security questions and addressing / reporting security concerns.
- Conduct regular risk assessments to identify and mitigate potential security threats.
- Develop risk management strategies and implement appropriate security measures.
- Lead the organization’s incident response efforts, including detection, investigation, and remediation of security incidents.
- Design and implement security architecture for new and existing systems.
- Ensure the security of software development lifecycle (SDLC) and CI/CD processes.
- Collaboratively work with security vendors for incident response and alerts monitoring.
- Identify acceptable levels of residual risk and assist with action plans, policy, and procedural changes for risk mitigation.
- Ensuring audit trails, system logs and other monitoring data sources are reviewed periodically and follow and adhere to regulatory policies.
- Stay up to date on latest security trends and standards, conduct research on security improvements and provide recommendations to clients and stakeholders.
- Proactively manage and report on security findings, ensuring timely communication and follow-up with the client on mitigation or resolution efforts.

**We would love to hear from you if you have**:

- A degree in a reputable university.
- Proven experience in cybersecurity, with strong understanding of security requirements analysis, testing, and validation processes.
- Professional information security certifications such as CISSP, CompTIA Security+, AWS Security Certifications, or equivalent are a bonus for this role.
- Confidence in presenting, with strong verbal and written business communication skills, and the ability to educate a non-technical audience about various security measures.
- Excellent analytical skills and attention to detail.
- In-depth knowledge of cybersecurity principles, practices, and technologies.
- Strong understanding of risk management and incident response processes.
- Familiarity with industry standards and regulatory requirements (e.g., ISO27001, SOC2, GDPR).
- Experience with security monitoring tools and technologies.
- Bachelor’s degree in Computer Science, Information Technology, or a related field.
- Relevant certifications such as CISSP, CISM, or CEH.
- Knowledge of current cybersecurity threats and trends.

**If you would love to experience working in a start-up growing at an accelerated speed, and you think you tick most of the requirements, join us