You’ll help our DPO/InfoSec team strengthen TDG’s security posture across cloud, endpoints, data, and processes—supporting ISO 27001 controls and PDPA compliance while learning real-world incident response, risk assessment, and secure operations.

1. Assist with endpoint and M365/Google Workspace security checks, patch status, and baseline hardening (CIS-aligned).
2. Run basic network and asset discovery; maintain the IT & Data Asset Register .
3. Perform guided scans (e.g., OpenVAS/Nessus/Wazuh) on approved assets, triage findings, and document remediation plans.
4. Contribute to the Risk Register (likelihood × impact) and track mitigations.
5. Draft/update SOPs, policies, and evidence logs for ISO 27001 Annex A controls and PDPA obligations (consent, retention, access).
6. Help with security awareness content (phishing drills, micro-training).
7. Support triage, timeline building, and post-incident RCA & CAPA