Cloud Cybersecurity risk and compliance framework and management:
- Accountable for development of the Cloud Security Design framework for new technology solutions
- Responsible for embedding best practice security through evaluation of suppliers
- Responsible for establishing security requirements needed to provide services securely
- Ensure compliance to current standards ISO27001, 27017-27018, PCI-DSS
- Defining requirements for risk and security and ensuring they are achieved
- Drive cyber security strategy compliance
- Align activities to current BAU audit activities from legacy business to ensure consistency in approach
- Manage and liaise with regulators
- Identify, highlight and remediate information security risk in the Bank
Policy, Standards and Processes
- Planning, studying and then designing a resistant security architecture for various IT/IT Security projects (clould/onpremise)
- Test and evaluate new security solution/new security technology
- Make sure that all workers follow the necessary corporate security policies and procedures that are defined, developed, implemented, and maintained for a seamless workflow.
- Create standards for all IT assets, such as routers, firewalls, LANs, WANs, VPNs, and other network devices... You have to determine their efficacy and efficiency.
- Buildup/develop security architect rule and apply to practice
- Comply with the Bank’s Information Security Policy, Regulations, Standards, and Process
- Provide feedback to enhance the current policies, regulations, standards and processes where necessary
- Communicate and ensure all staff understands and comply with the Information Security Policy, Regulations, Standards and Processes
- Operations, Reporting and Administration
- Ensure that the Information Security Strategy and Plans are implemented as planned.
- Ensure that Information Security process are followed diligently. This may include Risks Management, Operating Security Services/Tools to support the Information Security Program of the Bank.
- Control approve the request/changes related to security, control activities of IT security: implementing, operating, vulnerabilities management
- Contribute to the IT Security Dash Board for Management
- Work with both internal/external audit during audit programs
- Training IT security awareness
- Collect, analyze and produce report for IT Security every month
Area of Information Security Specialization
- Provide the appropriate guidance and advisory in the area of specialization
- Be able to contribute to the Bank in terms of documentation, transfer of ideas and implementing the plans in the area of specialization
Trình độ đào tạo
Educational Qualifications
- Bachelor's or Technical Degree Required (IT, Cryptography, computer science, information systems, business administration or other industry-related curriculum)
- Has appropriate subject matter expertise in their area of information security specialisation
Kiến thức/ Chuyên môn cần có
Relevant Knowledge/ Expertise
- Have at least a minimum of 5 years of experience in the area of specialization
- Have a good knowledge international IT security standards (ISO 270001, PCI-DSS,…), ITIL
- Work experience with one or more cloud service providers
- Deep understanding of cloud service architecture with emphasis on security in the cloud
- Solid understanding of modern information security methodologies and standards, especially in cloud environment
- Cloud/Security certification desired
- Knowledge and experience supporting IAM, security operations and threat response
- Practice with modern DevSecOps with automation (nice to have)Ability to automate repetitive tasks (scripting skills in Bash/PowerShell/ Python)
- Have good knowledge about: network security, system security, application security and virus/malwares, secure coding
- Expert with architect, security technology, integration
- Have good knowledge with pen test with OWSAP Standard and ability discovery & exploit vulnerabilities, cyber attack
- Good knownleged some tools for hacking: VA, APPScan, Metaexploit, kalilinux
- Experienced in implementing ISO27000/PCI-DSS is preferred
- Have good knowledge with secure coding with some languages: Python, Shell, PHP and have good knowledge with encryption, cryptography techniques
Các kỹ năng/ Skills cần có
- Have ability to read and understand the professional documents in English.
- Strong interpersonal and communication skill
- Be able to catch up and manage works quickly and effectively
- Be able to work independently with high pressure, good in teamwork
- Careful, responsible, and secure in protecting information/data belong to Bank
- Good knowledge of risk management principles, methodology and practice
- Preferred Fluent in English
