Cybersecurity risk and compliance framework and management:
Identify, highlight and remediate information security risk in the Company
Policy, Standards and Processes:
Comply with the Company’s Information Security Policy, Regulations, Standards, and Processes
Provide feedback to enhance the current policies, regulations, standards and processes where necessary
Communicate the Information Security Policy, Regulations, Standards and Processes, and ensure all staff understand and comply with them
Security operation & administration:
Apply new security standards/technical guidelines to the Company
Ensure that the Information Security Strategy and Plans are implemented as planned.
Propose technological solutions to ensure information security and improve the current security status of the information system. Coordinate with project members to implement the roadmap.
Control and approve requests/changes related to security, and control IT security activities: implementation, operation, vulnerability management
Contribute to the IT Security Dashboard for Management
Provide IT security awareness training.
Area of Information Security Specialization:
Provide the appropriate guidance and advisory in the area of specialization
Be able to contribute to the Bank in terms of documentation, transfer of ideas and implementing the plans in the area of specialization
Job Requirements
Bachelor's or Technical Degree Required (IT, Cryptography, computer science, information systems, business administration or other industry-related curriculum).
Have appropriate subject matter expertise in their area of information security specialisation.
3 years or more of working experience in IT security in banking; good knowledge of international IT security standards (ISO 27001, PCI-DSS…) and ITIL.
Have good knowledge of network security, system security, application security, viruses/malware, and secure encryption.
Have in-depth knowledge of architecture, security technology, and integration.
Have good knowledge of pen testing according to the OWASP standard and the ability to detect and exploit vulnerabilities and network attacks.
Good working knowledge of some security technologies: Encryption, PKI, BYOD, DLP, PIM, ...
Experience in implementing ISO27000/PCI-DSS is preferred.
Have good knowledge of encryption and encryption techniques.
Able to read and understand professional documents in English.