1. Build an action plan to implement cybersecurity risk and compliance frameworks and standards:
Coordinate with the VPB Risk Division to develop and implement a risk management framework.
Develop and maintain a list of IT security regulations, processes, standards, and guidelines.
Coordinate with the IA and Risk divisions to build and implement scheduled and ad hoc compliance programs.
Act as cybersecurity advisor for new and existing systems to reduce cybersecurity risks on a regular basis.
Produce cybersecurity requirements for all systems to protect and reduce the cybersecurity risk for the Bank.
Ensure that third-party risks are managed.
Manage the relevant stakeholders so that they understand the risks and are guided in making the right risk decisions for the Bank.
Ensure all cybersecurity risks are recorded, tracked, and addressed within the agreed timeline.
2. Cybersecurity Policy & Standards
Define and implement a compliance program against global standards (PCI DSS, ISO 27001, SBV regulations…)
Coordinate with other IT units to develop policies, standards, and technical processes to meet VPBank's IT security needs.
Implement controls and evaluate them regularly to ensure third parties access the VPBank IT environment properly.
Play a key role in implementing and maintaining compliance with PCI DSS and ISO 27001.
Be the person in charge of ensuring that IT security findings and gaps are remediated in a timely manner.
Be involved in building, implementing, and reviewing the user role matrix for IT systems.
3. Cybersecurity Awareness
Develop and implement the IT Security Awareness program effectively.
Review and update the Awareness program to ensure relevancy to the current cybersecurity threats.
Engage the target audience with the relevant cybersecurity materials and methods to instill a cybersecurity mindset.
4. Reporting and Administration
Be the person in charge of controlling and approving IT service requests related to IT security matters.
Develop and maintain IT security metrics to measure the effectiveness of security controls.
Lead and support the CISO in developing key indicators to monitor and improve IT security services, such as SLA, KRI, RPO, RTO, etc.
Develop the security dashboard for security controls (vulnerability management, metrics, compliance…), collect its data, and maintain it.
Be the person in charge of developing regular or ad hoc SBV reports related to IT security matters.
5. Leadership
Demonstrate and guide the team in achieving the cybersecurity goals to secure the Bank.
Develop the team members to ensure that their skills meet the requirements of business initiatives.
6. Projects
Build up cybersecurity capabilities to strengthen the cybersecurity posture of the Bank.
Job Requirements
1. Educational Qualifications
Bachelor's or Technical Degree Required (IT, Cryptography, computer science, information systems, business administration or other industry-related curriculum)
IT security and project management certificates are an advantage.
2. Relevant Knowledge/ Expertise
5 years or more of working experience in IT security in banking; good knowledge of international IT security standards (ISO 27001, PCI DSS, SBV regulations…)
3 years or more of working experience in at least one of the following domains: identity and access management, risk management, compliance management, program management.
Have good knowledge about: Compliance, risk, access, and third-party management.
Have basic IT security technical knowledge: Security controls for network, system, application, identity management.
Knowledge of cybersecurity management frameworks (NIST, CIS...) is preferred.
Have experience developing, reviewing, and updating IT security-related procedures, processes, policies, and regulations.
Have good knowledge of the Bank's cybersecurity defense model.
Have experience with the software development lifecycle.
Have good knowledge of the Bank's organizational model.
Have the ability to read and understand professional documents in English.