Top 3 Reasons To Join Us
Flexible work schedules
Training and education assistance
Employee Wellbeing program
The Job
Job Purpose
To effectively manage Technology risks. The Technology and Information Security Risk Manager shall oversee all IT related rules, regulations, issuances, and standards and ensure that CIMB Bank Vietnam is compliant. Under the guidance of Head of Risk, the incumbent shall assess and manage threats/risk, including Information Security and Data Privacy on the bank's existing and new Electronic Payments and Financial Services/Products and the platforms used.
The incumbent shall work closely with the related business units and local regulators where applicable as part of the incumbent's accountability to assist the Head of Risk in managing CIMB Bank Vietnam's Technology and Information Security risk.
Key Responsibilities
The Key Responsibilities of the Technology Risk Head are as follows:
1. Provides sound direction, guidance, advice, and consultation to business units concerning Technology and Information Security risk.
2. Develop policies, procedures, or guidelines to ensure the security and privacy of information and computer systems.
3. Lead third-party assessments to adhere to the company's controls over Outsourced Service Provider, including IT due diligence, data privacy, and cyber resiliency.
4. Participates in IT projects to implement baseline security requirements for the network, operating systems, databases, and other IT appliances that support banking systems.
5. Perform periodic compliance review over Information Security to evaluate the adequacy and effectiveness of the overall information security control posture and data privacy.
6. Research the latest threats and vulnerabilities and, where appropriate, advise the Technology team on mitigation and remediation.
7. Review, assess, and perform penetration tests and vulnerability assessments on information systems and infrastructure.
8. Participate in investigating any security violations by providing post-mortem analysis to illuminate the issues and possible solutions.
9. Facilitates Information Security Awareness to new and existing employees and consultants regularly.
10. Ensure compliance with internal and regulatory requirements.
11. Provide updates to governance committee on policy related matters, risks and areas of concern as identified from time-to-time.
Your Skills and Experience
- Relevant degree or equivalent from a recognized University
- Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or Certified Information Systems Security Professional (CISSP) are preferred.
- ITIL, ISO27001, and COBIT Certification are preferred.
- Science & Statistics are an advantage
- With at least 10 years of working experience in a technology risk function, preferably at the managerial level.
- With significant experience gained in the banking sector, preferably with a focus on information security, data privacy, risk management, legal, audit, operations, etc.
- A detail-oriented person with the desire to help business units meet regulatory expectations and improve the organization's information security and technology risk practices.
- With proven ability to establish relationships and exert influence at senior levels, regulators, and other external stakeholders.
- Technical expertise in security-related systems and cyber incident investigation.
- Proven knowledge of various security frameworks and standards related to IT infrastructure such as network, operating system, databases, and other IT appliances.
- Experience and/or Technical proficiency in analyzing security threats and vulnerabilities, including the execution of VAPT.
- Take independent action or proactively create opportunities to resolve or prevent problems in keeping with the role.
- A strategic thinker with the ability to manage and give leadership to subordinates
- Strong integrity, independence, robustness, and resilience
- Sharp business acumen, including the ability to assess risk
- Strong leadership qualities, excellent interpersonal skill, and analytical skill
- Demonstrated ability to make appropriate and effective decisions under pressure
Why You'll Love Working Here
- 13th month salary
- Year-end bonus based on performance rating
- Professional working environment
- Private insurance (Generali) for staff (including spouse and children)
- 15-18 Annual leave per year