Chief Information Security Officer - Giám đốc Bảo mật An ninh thông tin - TA165

Hiring of an experienced Chief Information Security Officer (CISO) provides necessary expertise and leadership to actively implement policies and compliance that was inadequate in the bank. CISO will also train and up-skill IT security best practices to improve quality of controls, governance and monitoring activities:
Oversee IT security risk and vulnerabilities management for VPBank
Develop VPbank security strategy and roadmap
Establish and implement security-related policies and guidelines
Own the information security initiatives for IT Division
Design and build the security practice and the organization's security architecture
Provide leadership in project(s) to ensure "security design" principles and approaches are incorporated into IT systems
Manage and report on IT/cyber security vulnerabilities and risks. Including performing periodic IT security control testing, (e.g., vulnerability testing, risk analysis and security assessments) are carried out and remediate gaps identified within defined timeframe
Perform PCI-DSS Assessments and fulfil PCI-DSS obligations for current and new projects and systems
Conduct IT security awareness through regular publishing of monthly security updates/bulletins and trainings (e.g., brown bags) to improve IT security knowledge of users and IT staff. Provide advice and consultancy on security risks and controls
Manage IT/ Cyber security incidents and liaise with various IT functions, Risk and Compliance, and business users
Direct external vendors/investigators in conducting electronic discovery and digital forensic investigations when required
Participate and working with other high-level executives to establish disaster recovery (DR) and business continuity plans
1. Educational Qualifications
Bachelor in IT/Computer Science & CISSP/CISA (preferred)
Other higher qualifications / certificates is a plus
​
2. Relevant Knowledge/ Expertise
Strong technical skills in one or more of the following: network, application and operating system security and hardening, vulnerability assessments and penetration testing, TCP/IP suite, firewalls, Security Information & Event Management (SIEM), Data Loss Protection (DLP), Intrusion detection systems, log review, incident management)
Knowledge in Security compliance, in particular PCI-DSS.
Knowledge of ISO 27001/2 information security standards
Knowledge of current IT industry trends.
Knowledge and understanding of relevant legal and regulatory requirements.
Knowledge of common information security management frameworks.
3. Skills cần có
Strong interpersonal, relational, and collaboration skills with senior management and department heads to provide Information security services.
Strong analytical and logical thinking skills
Ability for multitasking and working accurately at the same time
Excellent presentation and communication skills
Strong verbal and written communication skills in English
4. Các kinh nghiệm liên quan/ Relevant Experience
At least 8 to 10 years of working experience in supporting IT/cyber security operations, risk assessment, audit and compliance.
Preferably having spent some 4 to 6 years in security consulting services and 2 to 3 years in Global MNC.
Must have B2C industry experience.
Experience in managing customer data in an eCommerce environment is a plus.
Adaptable and able to follow through from design to implementation.
Ability to weigh business risks and enforce appropriate information security measures
Strong skills in managing vendor relationships.
Experience in working with high performance teams and understand the dynamics of teamwork in an international Security Operations Centre (SOC) environment
Job tags:
Chief Information Security Officer - Giám đốc Bảo mật An ninh thông tin - TA