CVCC Bảo mật CNTT - TA171

1. Cybersecurity risk and compliance framework and management:

• Work with VPB Risk Division to develop and adopt risk management framework.                               
• Perform the role of Cybersecurity Advisory to new and existing systems to reduce cybersecurity risks on a regular basis.
• Produce cybersecurity requirements for all systems to protect and reduce the cybersecurity risk for the Bank.
• Ensure that third party risks are managed!
• Manage the relevant stakeholders so that they understand the risks and be guided in making the right risk decisions for the Bank.
• Ensure all Cybersecurity Risk are recorded, tracked and addressed in the agreed timeline.
• Ensure that the IT Security services are effectively implemented

2. Cybersecurity Policy & Standards

• Ensure that Cybersecurity Policies and Standards are aligned to SBV requirements and the desired cybersecurity posture of the Bank.
• Co-ordinate with other teams to develop technical policies, standards, procedures align with VPB Cybersecurity requirements.
• Develop guidelines to provide directions to stakeholders.

3. Cybersecurity Awareness

• Ensure that the Awareness program is implemented effectively.
• Review and update the Awareness program to ensure relevancy to the current cybersecurity threats.
• Engage the target audience with the relevant cybersecurity materials and methods to instill a cybersecurity mindset.

4. Reporting and Administration

• Control approves the request/changes related to security, control activities of IT security: implementing, operating, vulnerabilities management           
• Work with both internal/external audit during audit programs
• Collect, analyze and produce report for IT Security every month             

5. Leadership

• Demonstrate and guide the team to achieving the cybersecurity goals to secure the Bank.
• Develop the team members to ensure that their skills meet the requirements of Business initiatives

6. Projects

• Build up the cybersecurity capabilities to strengthen the cybersecurity posture of the Bank

1. Educational Qualifications

• Bachelor's or Technical Degree Required (IT, Cryptography, computer science, information systems, business administration or other industry-related curriculum)

2. Relevant Knowledge/ Expertise

• 3 years or more of working experience in IT/IT security banking, good knowledge international IT security standards (ISO 270001, PCI-DSS…), ITIL
• Have good knowledge about: SBV regulation, risk management best practice.
• Have basic IT Security technical knowledge: Security controls for network, system, application, identity management.
• Knowledge for cybersecurity management framework: NIST, CIS.. is preferred.
• Have experience on IT security related procedure, process, policy, regulation development, reviewing, and updating.
• Be able to catch up and manage work quickly and effectively.
• Be able to work independently with high pressure, good in teamwork.
• Careful, responsible, and secure in protecting information/data belong to Bank
• Good knowledge of risk management principles, methodology and practice        
• Preferred Fluent in English