Location: Hanoi/Ho Chi Minh City
Reports to: Information Security Manager / Lead
About the company
EV Search’s Client – A leading bank in Digital Transformation field.
JOB DESCRIPTION
Purpose of the Role:
- Planning/studying/designing and implementing clould strategy/solution/architect on multi cloud
- Buildup/implementing/control apply security control on multi cloud
- Analyze/Developing prerequisites for cloud
- Practice with modern DevSecOps with automation (nice to have) Ability to automate repetitive tasks (scripting skills in Bash/PowerShell/ Python)
- Researching and implementing the updated security standards, systems, and best practices
- Detect and handle risks for IT systems, improve and maintain compliance
- Performing vulnerability assessment, security testing, and risk analysis
- Improving security standards & quality IT security services & reports
- Control and promote the implementation develop of IT security
- Test and evaluate new security solution/new security technology
Primary Responsibilities
- Cloud Cybersecurity risk and compliance framework and management:
- Accountable for development of the Cloud Security Design framework for new technology solutions
- Responsible for embedding best practice security through evaluation of suppliers
- Responsible for establishing security requirements needed to provide services securely
- Ensure compliance to current standards ISO27001, 27017-27018, PCI-DSS
- Defining requirements for risk and security and ensuring they are achieved
- Drive cyber security strategy compliance
- Align activities to current BAU audit activities from legacy business to ensure consistency in approach
- Manage and liaise with regulators
- Identify, highlight and remediate information security risk in the Bank Policy, Standards and Processess
- Planning, studying and then designing a resistant security architecture for various IT/IT Security projects (clould/onpremise)
- Test and evaluate new security solution/new security technology
- Make sure that all workers follow the necessary corporate security policies and procedures that are defined, developed, implemented, and maintained for a seamless workflow.
- Create standards for all IT assets, such as routers, firewalls, LANs, WANs, VPNs, and other network devices... You have to determine their efficacy and efficiency.
- Buildup/develop security architect rule and apply to practice
- Comply with the Bank’s Information Security Policy, Regulations, Standards, and Process
- Provide feedback to enhance the current policies, regulations, standards and processes where necessary
- Communicate and ensure all staff understands and comply with the Information Security Policy, Regulations, Standards and Processes
Operations, Reporting and Administration
- Ensure that the Information Security Strategy and Plans are implemented as planned.
- Ensure that Information Security process are followed diligently. This may include Risks Management, Operating Security Services/Tools to support the Information Security Program of the Bank.
- Control approves the request/changes related to security, control activities of IT security: implementing, operating, vulnerabilities management
- Contribute to the IT Security Dash Board for Management
- Work with both internal/external audit during audit programs
- Training IT security awareness
- Collect, analyze and produce report for IT Security every month
Area of Information Security Specilization
- Provide the appropriate guidance and advisory in the area of specialization
- Be able to contribute to the Bank in terms of documentation, transfer of ideas and implementing the plans in the area of specialization
JOB REQUIREMENT
- Bachelor's or Technical Degree Required (IT, Cryptography, computer science, information systems, business administration or other industry-related curriculum)
- Has appropriate subject matter expertise in their area of information security specialization
- Have at least a minimum of 5 years of experience in the area of specialization
- Have a good knowledge international IT security standards (ISO 270001, PCI-DSS,...), ITIL
- Work experience with one or more cloud service providers
- Deep understanding of cloud service architecture with emphasis on security in the cloud
- Solid understanding of modern information security methodologies and standards, especially in cloud environment
- Cloud/Security certification desired
- Knowledge and experience supporting IAM, security operations and threat response
- Practice with modern DevSecOps with automation (nice to have)Ability to automate repetitive tasks (scripting skills in Bash/PowerShell/ Python)
- Have good knowledge about: network security, system security, application security and virus/malwares, secure coding
- Expert with architect, security technology, integration
- Have good knowledge with pen test with OWSAP Standard and ability discovery & exploit vulnerabilities, cyber attack
- Good knownleged some tools for hacking: VA, APPScan, Metaexploit, kalilinux
- Experienced in implementing ISO27000/PCI-DSS is preferred
- Have good knowledge with secure coding with some languages: Python, Shell, PHPand have good knowledge with encryption, cryptography techniques.
How to apply?
- For further information, please feel free to contact me via e-mail: khanhlinh.lenguyen@employmentvietnam.com or via Phone (0975522532) for a confidential discussion!
- Please be noted that only shortlisted candidates will be contacted.
All applications will be considered without regard to race, color, religion, sex (including pregnancy and gender identity), national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organisation, parental status, military service or other nonmerit factor
