Job Description

JOB PURPOSE

Planning/studying/designing and implementing clould strategy/solution/architect on multi cloud
Buildup/implementing/control apply security control on multi cloud
Analyze/Developing prerequisites for cloud
Practice with modern DevSecOps with automation (nice to have) Ability to automate repetitive tasks (scripting skills in Bash/PowerShell/ Python)
Researching and implementing the updated security standards, systems, and best practices
Detect and handle risks for IT systems, improve and maintain compliance
Performing vulnerability assessment, security testing, and risk analysis
Improving security standards & quality IT security services & reports
Control and promote the implementation develop of IT security
Test and evaluate new security solution/new security technology

Responsibilities

1. Cybersecurity risk and compliance framework and management:

Identify, highlight and remediate information security risk in the Bank

2. Policy, Standards and Processes

Comply with the Bank’s Information Security Policy, Regulations, Standards, and Process
Provide feedback to enhance the current policies, regulations, standards and processes where necessary
Communicate and ensure all staff understands and comply with the Information Security Policy, Regulations, Standards and Processes

3. Security operation & administration

Research/develop new security standards/technique guidle and apply to bank
Ensure that the Information Security Strategy and Plans are implemented as planned.
Proposing the development of technological solutions to ensure information security in order to improve the current security status of the information system. Coordinate with project members to implement the roadmap.
Implement/control and/or maintain security solutions/devices/tools as WAF, Firewall, IPS, PIM, DLP, vulnerabilities management, Encryption, 2-factor auth,...
Control approve the request/changes related to security, control activities of IT security: implementing, operating, vulnerabilities management
Contribute to the IT Security Dash Board for Management
Training IT security awareness

4. Area of Information Security Specialization

Provide the appropriate guidance and advisory in the area of specialization
Be able to contribute to the Bank in terms of documentation, transfer of ideas and implementing the plans in the area of specialization

Qualifications

1. Educational Qualifications

· Bachelor's or Technical Degree Required (IT, Cryptography, computer science, information systems, business administration or other industry-related curriculum)

· Has appropriate subject matter expertise in their area of information security specialisation

2. Relevant Knowledge/ Expertise

Have at least a minimum of 5 years of experience in the area of specialization
Have a good knowledge international IT security standards (ISO 270001, PCI-DSS,…), ITIL
Work experience with one or more cloud service providers
Deep understanding of cloud service architecture with emphasis on security in the cloud
Solid understanding of modern information security methodologies and standards, especially in cloud environment
Cloud/Security certification desired
Knowledge and experience supporting IAM, security operations and threat response
Practice with modern DevSecOps with automation (nice to have)Ability to automate repetitive tasks (scripting skills in Bash/PowerShell/ Python)
Have good knowledge about: network security, system security, application security and virus/malwares, secure coding
Expert with architect, security technology, integration
Have good knowledge with pen test with OWSAP Standard and ability discovery & exploit vulnerabilities, cyber attack
Good knownleged some tools for hacking: VA, APPScan, Metaexploit, kalilinux
Experienced in implementing ISO27000/PCI-DSS is preferred
Have good knowledge with secure coding with some languages: Python, Shell, PHP and have good knowledge with encryption, cryptography techniques

3. Skills