it Security OfficerCông Ty TNHH FPT Trading

Responsible for overseeing information security, cybersecurity and IT risk management programs based on industry-accepted information security and risk management frameworks. This position will report directly to CDO to help improve and communicate the maturity levels of information security, state of cybersecurity and IT risk practices.
• Ensure security policies and procedures are defined and implemented across business units and processes. Develop and manage the frameworks, processes, tools, and consultancy necessary for IT to properly manage risk and to make risk-based decisions related to IT activities.
• Proactive identification and mitigation of IT risks as well as responding to observations identified by third party auditors or examiners while assisting in the development of periodic reports and dashboards presenting the level of controls compliance and current IT risk posture.
• Review security logs and alerts in real time to identify and prevent malicious activities. Identify, investigate, and report on suspected breaches and review findings with relevant stakeholders.
• Consult and support in the designs and implementation of projects in respect of information and IT security. Construct, coordinate and maintain a schedule of internal and external Vulnerability Assessments and Penetration Testing.
• Assist CIO and IT staff with the audits and facilitate management response and remediation efforts. Ensure overall IT compliance with regulatory requirements through proactive planning and communication, ownership, and relationships.

JOB QUALIFICATIONS:

Bachelor's degree or equivalent in Computer Information Systems, Management Information Systems or Computer Science and a minimum of 3 years work experience in the same type of work and 3 years supervisory experience. Prefer Master's Degree or Equivalent.
• Good knowledge of IT security solution like networks security, firewalls, proxies, SIEM, NAC, WAP, IPS, IDS, etc.
• Experience in risk, compliance, and information security policy development.
• Good knowledge of application and infrastructure security control mechanisms.
• Working knowledge of database and application security.
• Good understanding of ISO 27001 standard, NIST, ITIL, OWASP, MITRE, etc.
• Extensive experience in vulnerability assessment and penetration testing.
• Good experience in IT security audit, hardening.
• Good experience in IT security monitoring, incident response.
• Strong interpersonal skills and the ability to effectively communicate with a wide range of individuals and constituencies in a diverse community.
• Good at English communication skills.

BENEFITS: