1. Build an action plan to implement Cybersecurity Risk and Compliance frameworks and standards:
- Coordinate with the VPB Risk Division to develop and implement a risk management framework.
- Develop and maintain a list of IT security regulations, processes, standards, and guidelines.
- Coordinate with the IA and Risk divisions to build and implement scheduled and ad hoc compliance programs.
- Perform the Cybersecurity Advisory role for new and existing systems to reduce cybersecurity risks on a regular basis.
- Produce cybersecurity requirements for all systems to protect and reduce the cybersecurity risk for the Bank.
- Ensure that third-party risks are managed.
- Manage the relevant stakeholders so that they understand the risks and are guided in making the right risk decisions for the Bank.
- Ensure all cybersecurity risks are recorded, tracked, and addressed within the agreed timeline.
2. Cybersecurity Policy & Standards
- Define and implement a compliance program against global standards (PCI DSS, ISO 27001, SBV regulations…)
- Coordinate with other IT units to develop policies, standards, and technical processes to meet VPBank's IT security needs.
- Implement controls and evaluate them regularly to ensure third parties access the VPBank IT environment properly.
- Play a key role in implementing and maintaining compliance with PCI DSS and ISO 27001.
- Be the person in charge of ensuring that IT security findings and gaps are remediated in a timely manner.
- Take part in building, implementing, and reviewing the user role matrix for IT systems.
3. Cybersecurity Awareness
- Develop and implement an effective IT Security Awareness program.
- Review and update the Awareness program to ensure it stays relevant to current cybersecurity threats.
- Engage the target audience with the relevant cybersecurity materials and methods to instill a cybersecurity mindset.
4. Reporting and Administration
- Be the person in charge of controlling and approving IT service requests related to IT security matters.
- Develop and maintain IT security metrics to measure the effectiveness of security controls.
- Lead and support the CISO in developing key indicators to monitor and improve IT security services, such as SLA, KRI, RPO, RTO, etc.
- Develop the security dashboard for security controls (vulnerability management, metrics, compliance…), collect its data, and maintain it.
- Be the person in charge of developing regular or ad hoc SBV reports related to IT security matters.
5. Leadership
- Demonstrate and guide the team in achieving the cybersecurity goals to secure the Bank.
- Develop the team members to ensure that their skills meet the requirements of Business initiatives.
6. Projects
- Build up cybersecurity capabilities to strengthen the cybersecurity posture of the Bank.
1. Educational Qualifications
- Bachelor's or Technical Degree Required (IT, Cryptography, computer science, information systems, business administration or other industry-related curriculum)
- IT Security and project management certificates are an advantage.
2. Relevant Knowledge/ Expertise
- 5 years or more of working experience in IT security in banking, with good knowledge of international IT security standards (ISO 27001, PCI DSS, SBV regulations…)
- 3 years or more of working experience in at least one of these domains: identity and access management, risk management, compliance management, program management.
- Have good knowledge of compliance, risk, access, and third-party management.
- Have basic IT security technical knowledge: security controls for network, system, application, and identity management.
- Knowledge of cybersecurity management frameworks (NIST, CIS...) is preferred.
- Have experience developing, reviewing, and updating IT security-related procedures, processes, policies, and regulations.
- Have good knowledge of the cybersecurity defense model of the bank.
- Have experience with the software development lifecycle.
- Have good knowledge of the organizational model of the bank.
- Have the ability to read and understand professional documents in English.
- Strong interpersonal and communication skills.