IT Security Governance Expert - TA171

Joining our Talent Network will enhance your job search and application process. Whether you choose to apply or just leave your information, we look forward to staying connected with you.

• Receive alerts with new job opportunities that match your interests
• Receive relevant communications and updates from our organization
• Share job opportunities with family and friends through Social Media or email

1. Build up action plan to Implement Cybersecurity Risk and Compliance frameworks, standards:

• Coordinate VPB Risk Division to develop and implement risk management framework.
• Develop and maintain list of IT security regulations, processes, standards, and guidelines.
• Coordinate with IA, Risk divisions to build up and implement scheduled and adhoc compliance programs.
• Perform the role of Cybersecurity Advisory to new and existing systems to reduce cybersecurity risks on a regular basis.
• Produce cybersecurity requirements for all systems to protect and reduce the cybersecurity risk for the Bank.
• Ensure that third party risks are managed!
• Manage the relevant stakeholders so that they understand the risks and be guided in making the right risk decisions for the Bank.
• Ensure all Cybersecurity Risks are recorded, tracked, and addressed in the agreed timeline.

2. Cybersecurity Policy & Standards

• Define and implement compliance program against global standard (PCIDSS, ISO 27001, SBV regulations…)
• Coordinate with other IT units to develop policies, standards, and technical processes to meet VPBank's IT security needs.
• Implement controls and regularly evaluate to ensure third parties properly access to Vpbank IT environment.
• Play key role to implement and maintain the compliance against PCI DSS, ISO 27001.
• Be a person in charge to ensure the IT security findings, gaps are remediated timely.
• Involve to build up, implement, review the user role matrix to IT systems.

3. Cybersecurity Awareness

• Develop and implement IT Security Awareness program effectively.
• Review and update the Awareness program to ensure relevancy to the current cybersecurity threats.
• Engage the target audience with the relevant cybersecurity materials and methods to instill a cybersecurity mindset.

4. Reporting and Administration

• Be a person in charge of controlling and approving IT service requests related to IT security manners.
• Develop and maintain the IT security metric to measure the effectiveness of security controls.
• Lead and support CISO to develop key indicators to monitor and improve IT security services such as SLA, KRI, RPO, RTO, etc.
• Develop the dashboard, collect data, and maintain the security dashboard for security controls (vulnerability management, metric, compliance…)
• Be a person in charge to develop SBV regular or adhoc reports relate to IT security manners.
• Demonstrate and guide the team to achieving the cybersecurity goals to secure the Bank.
• Develop the team members to ensure that their skills meet the requirements of Business initiatives.

5. Projects

• Build up the cybersecurity capabilities to strengthen the cybersecurity posture of the Bank.

1. Educational Qualifications

• Bachelor's or Technical Degree Required (IT, Cryptography, computer science, information systems, business administration or other industry-related curriculum).
• IT Security and project management certificates is an advance.
• 5 years or more of working experience in IT security banking, good knowledge international IT security standards (ISO 270001, PCI DSS, SBV regulation…).
• 3 years or more of working experience in at least one of domains: Identity Access management, risk management, compliance management, program management.
• Have good knowledge about: Compliance, risk, access, and third-party management.
• Have basic IT security technical knowledge: Security controls for network, system, application, identity management.
• Knowledge of cybersecurity management framework: NIST, CIS... is preferred.
• Have experience of IT security related procedure, process, policy, regulation development, reviewing, and updating.
• Have good knowledge of Cyber security defense model of the bank.
• Have experience in software development lifecycle.
• Have good knowledge in the organization model of the bank.
• Have ability to read and understand the professional documents in English.
• Strong interpersonal and communication skill.

By joining our Talent Network you have not officially applied to a position.