1. Cloud Cybersecurity risk and compliance framework and management:
- Accountable for development of the Cloud Security Design framework for new technology solutions.
- Responsible for embedding best practice security through evaluation of suppliers.
- Responsible for establishing security requirements needed to provide services securely.
- Ensure compliance to current standards ISO27001, 27017-27018, PCI-DSS.
- Defining requirements for risk and security and ensuring they are achieved.
- Drive cyber security strategy compliance.
- Align activities to current BAU audit activities from legacy business to ensure consistency in approach.
- Manage and liaise with regulators.
- Identify, highlight and remediate information security risk in the Bank
2. Policy, Standards and Processes:
- Planning, studying and then designing a resistant security architecture for various IT/IT Security projects (clould/onpremise).
- Test and evaluate new security solution/new security technology.
- Make sure that all workers follow the necessary corporate security policies and procedures that are defined, developed, implemented, and maintained for a seamless workflow.
- Buildup/develop security architect rule and apply to practice.
- Comply with the Bank’s Information Security Policy, Regulations, Standards, and Process.
- Provide feedback to enhance the current policies, regulations, standards and processes where necessary.
- Communicate and ensure all staff understands and comply with the Information Security Policy, Regulations, Standards and Processes
3. Operations, Reporting and Administration:
- Ensure that the Information Security Strategy and Plans are implemented as planned.
- Ensure that Information Security process are followed diligently. This may include Risks Management, Operating Security Services/Tools to support the Information Security Program of the Bank.
- Control approve the request/changes related to security, control activities of IT security: implementing, operating, vulnerabilities management.
- Contribute to the IT Security Dash Board for Management.
- Work with both internal/external audit during audit programs.
- Training IT security awareness.
- Collect, analyze and produce report for IT Security every month
4. Area of Information Security Specialization:
- Provide the appropriate guidance and advisory in the area of specialization.
- Be able to contribute to the Bank in terms of documentation, transfer of ideas and implementing the plans in the area of specialization.
1. Trình độ đào tạo/ Educational Qualifications
- Bachelor's or Technical Degree Required (IT, Cryptography, computer science, information systems, business administration or other industry-related curriculum).
- Has appropriate subject matter expertise in their area of information security specialization.
2. Kiến thức/ Chuyên môn cần có/ Relevant Knowledge/ Expertise
- Have at least a minimum of 5 years of experience in the area of specialization.
- Have a good knowledge international IT security standards (ISO 270001, PCI-DSS,…), ITIL.
- Work experience with one or more cloud service providers.
- Deep understanding of cloud service architecture with emphasis on security in the cloud.
- Solid understanding of modern information security methodologies and standards, especially in cloud environment.
- Cloud/Security certification desired.
- Knowledge and experience supporting IAM, security operations and threat response.
- Practice with modern DevSecOps with automation (nice to have)Ability to automate repetitive tasks (scripting skills in Bash/PowerShell/ Python).
- Have good knowledge about: network security, system security, application security and virus/malwares, secure coding.
- Expert with architect, security technology, integration.
- Have good knowledge with pen test with OWSAP Standard and ability discovery & exploit vulnerabilities, cyber attack.
- Good knownleged some tools for hacking: VA, APPScan, Metaexploit, kalilinux.
- Experienced in implementing ISO27000/PCI-DSS is preferred.
- Have good knowledge with secure coding with some languages: Python, Shell, PHP and have good knowledge with encryption, cryptography techniques.
