Job Summary
Job description
Overview of job
1. Cloud Cybersecurity risk and compliance framework and management:
- Accountable for development of the Cloud Security Design framework for new technology solutions.
- Responsible for embedding best practice security through evaluation of suppliers.
- Responsible for establishing security requirements needed to provide services securely.
- Ensure compliance to current standards ISO27001, 27017-27018, PCI-DSS.
- Defining requirements for risk and security and ensuring they are achieved.
- Drive cyber security strategy compliance.
- Align activities to current BAU audit activities from legacy business to ensure consistency in approach.
- Manage and liaise with regulators.
- Identify, highlight and remediate information security risk in the Bank
2. Policy, Standards and Processes:
- Planning, studying and then designing a resistant security architecture for various IT/IT Security projects (clould/onpremise).
- Test and evaluate new security solution/new security technology.
- Make sure that all workers follow the necessary corporate security policies and procedures that are defined, developed, implemented, and maintained for a seamless workflow.
- Buildup/develop security architect rule and apply to practice.
- Comply with the Bank’s Information Security Policy, Regulations, Standards, and Process.
- Provide feedback to enhance the current policies, regulations, standards and processes where necessary.
- Communicate and ensure all staff understands and comply with the Information Security Policy, Regulations, Standards and Processes
3. Operations, Reporting and Administration:
- Ensure that the Information Security Strategy and Plans are implemented as planned.
- Ensure that Information Security process are followed diligently. This may include Risks Management, Operating Security Services/Tools to support the Information Security Program of the Bank.
- Control approve the request/changes related to security, control activities of IT security: implementing, operating, vulnerabilities management.
- Contribute to the IT Security Dash Board for Management.
- Work with both internal/external audit during audit programs.
- Training IT security awareness.
- Collect, analyze and produce report for IT Security every month
4. Area of Information Security Specialization:
- Provide the appropriate guidance and advisory in the area of specialization.
- Be able to contribute to the Bank in terms of documentation, transfer of ideas and implementing the plans in the area of specialization.
Our corporate culture is nurtured and built on six core values.
Join VPBank, you will experience a great opportunity to work in our professional environment with ‘Customer Focus’ and ‘Trust’ orientation. With more than 7.000 employees with various positions from back office to front office, we all have our clients and the priority of every position is to gain their reliance and commitment. Your contribution will be the measure of our organization’s success.
We provide ‘not just a Job, but a Career’. ‘People Development’ is chosen to be one of the most important corporation’s strategy. We create product training courses and give on-the-job training for newcomers & employees as well as organize many exciting internal activities to connect people. Ambitious and eager to thrive, we also have bonus & rewards to recognize best-sellers and excellent employees.
VPBank is becoming a desirable destination for talent in the banking and finance industry. You will receive great support from your colleagues and managers with modern technology facilities. We believe that the strength raises from within, thus we create a diverse but unified, proactive and flexible working environment for enhancing our ‘productivity’.
‘Make the difference’, you can shine bright!
Job Requirement
1. Trình độ đào tạo/ Educational Qualifications
- Bachelor's or Technical Degree Required (IT, Cryptography, computer science, information systems, business administration or other industry-related curriculum).
- Has appropriate subject matter expertise in their area of information security specialization.
2. Kiến thức/ Chuyên môn cần có/ Relevant Knowledge/ Expertise
- Have at least a minimum of 5 years of experience in the area of specialization.
- Have a good knowledge international IT security standards (ISO 270001, PCI-DSS,…), ITIL.
- Work experience with one or more cloud service providers.
- Deep understanding of cloud service architecture with emphasis on security in the cloud.
- Solid understanding of modern information security methodologies and standards, especially in cloud environment.
- Cloud/Security certification desired.
- Knowledge and experience supporting IAM, security operations and threat response.
- Practice with modern DevSecOps with automation (nice to have)Ability to automate repetitive tasks (scripting skills in Bash/PowerShell/ Python).
- Have good knowledge about: network security, system security, application security and virus/malwares, secure coding.
- Expert with architect, security technology, integration.
- Have good knowledge with pen test with OWSAP Standard and ability discovery & exploit vulnerabilities, cyber attack.
- Good knownleged some tools for hacking: VA, APPScan, Metaexploit, kalilinux.
- Experienced in implementing ISO27000/PCI-DSS is preferred.
- Have good knowledge with secure coding with some languages: Python, Shell, PHP and have good knowledge with encryption, cryptography techniques.
Languages
-
English
Speaking: Intermediate - Reading: Intermediate - Writing: Intermediate
Technical Skill
- DevSecOps
- AWS
- Cryptography
- PHP
- Information Security
- PowerShell
- Python
- Architecture
- Encryption
- ITIL
- Bash
- ISO
- IT Security
- PCI
- IAM
BUSINESS PROFILE
VPBank (Vietnam Prosperity Joint-Stock Commercial Bank) is one of the earliest-established Joint-stock Commercial banks in Vietnam with over 200 transaction points nationwide.
VPBank was established in 1993. As a member of the group of 12 leading banks in Vietnam (G12), VPBank is taking steps to reaffirm its reputation as a dynamic bank with stable financial capacity and responsibility to the community. To achieve this ambitious vision, VPBank has implemented an aggressive growth strategy for the period 2012 - 2017 with the support of McKinsey, one of the world’s leading consulting companies. Accordingly, VPBank will focus on organic growth in targeted customer segments, build up foundation systems expeditiously to serve its growth needs, and monitor opportunities in the market actively.
The development of human resources is one of the key activities in the development strategy of our bank. At VP Bank, the staff are working in a dynamic and professional environment, and we also organize the training courses for enhancing the employees's skills and bring the promotion opportunities to all staff of the bank.