Assistant Manager, IT Security and GovernanceNgân Hàng Hong Leong Việt Nam

Job Purpose Summary:
The Job holder shall be responsible for:
• Maintaining and enhancing the overall IT security architecture of the Bank via managing and monitoring network security, tools and system security.
• Implementing and monitoring the security related policies and SOPs to ensure the compliance of Group IT Security Policy, SBV requirements, Decree 13/2023/ND-CP on Personal Data Protection and other regulatory provision from time to time
• IT risk management, audit liaison and other "Protect the Bank" activities.
• Reporting IT incident.
Key Responsibilities and Accountabilities:
Functional (job responsibilities).
1. IT Risk Management & IT Policies
• Overall management of IT risks, enhancement and implementation of bank-wide IT Risk Management Framework, IT Security and Compliance.
• Review and provide advisory on adequacy of IT policies and procedures.
• Conduct IT Security awareness training.
• IT Risk mitigation plans and reporting.
• Define technology Key Risk Indicators for proper risk monitoring.
• Design and enhance IT risk dashboard for management reporting.
• Provide advice and early warning alerts to management base on emerging security threats trend.
• Play as the main liaison for governance and solutions related to Personal Data Protection to ensure the compliance with Decree 13/2023/ND-CP and other regulatory provision from time to time.
2. Security Administration:
• User IDs administration for system, network and application.
• Security software licensing, monitoring and renewal.
• Evaluate, notify and monitor security patches.
• Review new project related to system, network, application and database security requirement.
• Coordinates Network Security Review, Penetration Test exercise and VAPT.
3. IT Project Risk Analysis:
• Participate in projects and provide advice on security and compliance requirement based on basic security control checklists.
• Perform IT risk review on key projects, review accuracy of risk scoring and adequacy of risk mitigation plans.
• Escalate project risk issues (IT Risks) to Working Group Committee or Project Steering Committee.
• Drive technology risk assessment projects with external service engagements.
4. IT Operations Risk Monitoring:
• Perform self-assessment (including system security) on regular basis and highlight any weaknesses.
• Monitor phishing attempts and escalate to bring down the scam sites.
• Coordinates investigation related to network security incidents and follow-up on action plan till resolution.
• Review accuracy of risk scoring and adequacy of risk mitigation plans under the IT RCSA (Risk & Control Self- Assessment) exercise.
• Perform thematic assessment on identified technology risk areas and as per regulatory guidelines' requirements, and thereafter to document observation reports for update to Management.
• Report incident which related to IT.
Managerial (team/group responsibilities)
• Individual contributor
Organizational (organizational responsibilities)
• Timely notifying to management on potential security problems which are not adequately addressed by existing control mechanisms.
• Proper escalate potential security issues to Group IT Security for further remediation or recommendation.