JOB PURPOSE
- Planning/studying/designing and implementing cloud strategy/solution/architecture on multi-cloud
- Building/implementing/applying security controls on multi-cloud
- Analyzing/developing prerequisites for cloud
- Practice with modern DevSecOps with automation (nice to have). Ability to automate repetitive tasks (scripting skills in Bash/PowerShell/Python)
- Researching and implementing the updated security standards, systems, and best practices
- Detect and handle risks for IT systems, improve and maintain compliance
- Performing vulnerability assessment, security testing, and risk analysis
- Improving security standards and the quality of IT security services and reports
- Controlling and promoting the implementation and development of IT security
- Testing and evaluating new security solutions/new security technologies
Responsibilities
1. Cybersecurity risk and compliance framework and management:
Identify, highlight and remediate information security risk in the Bank
2. Policy, Standards and Processes
- Comply with the Bank’s Information Security Policy, Regulations, Standards, and Processes
- Provide feedback to enhance the current policies, regulations, standards and processes where necessary
- Communicate and ensure all staff understand and comply with the Information Security Policy, Regulations, Standards and Processes
3. Security operation & administration
- Research/develop new security standards/technical guidelines and apply them to the Bank
- Ensure that the Information Security Strategy and Plans are implemented as planned.
- Propose the development of technological solutions to ensure information security in order to improve the current security status of the information system. Coordinate with project members to implement the roadmap.
- Implement/control and/or maintain security solutions/devices/tools such as WAF, Firewall, IPS, PIM, DLP, vulnerability management, Encryption, 2-factor auth,...
- Control and approve requests/changes related to security; control IT security activities: implementation, operation, vulnerability management
- Contribute to the IT Security Dashboard for Management
- Deliver IT security awareness training
4. Area of Information Security Specialization
- Provide the appropriate guidance and advisory in the area of specialization
- Be able to contribute to the Bank in terms of documentation, transfer of ideas and implementing the plans in the area of specialization
Qualifications
1. Educational Qualifications
· Bachelor's or Technical Degree Required (IT, Cryptography, computer science, information systems, business administration or other industry-related curriculum)
· Has appropriate subject matter expertise in their area of information security specialisation
2. Relevant Knowledge/ Expertise
- Have at least 5 years of experience in the area of specialization
- Have a good knowledge of international IT security standards (ISO 27001, PCI-DSS,…), ITIL
- Work experience with one or more cloud service providers
- Deep understanding of cloud service architecture with emphasis on security in the cloud
- Solid understanding of modern information security methodologies and standards, especially in cloud environment
- Cloud/Security certification desired
- Knowledge and experience supporting IAM, security operations and threat response
- Practice with modern DevSecOps with automation (nice to have). Ability to automate repetitive tasks (scripting skills in Bash/PowerShell/Python)
- Have good knowledge of: network security, system security, application security, viruses/malware, and secure coding
- Expertise in architecture, security technology, and integration
- Have good knowledge of pen testing with the OWASP standard and the ability to discover and exploit vulnerabilities, cyber attacks
- Good knowledge of some hacking tools: VA, AppScan, Metasploit, Kali Linux
- Experienced in implementing ISO27000/PCI-DSS is preferred
- Have good knowledge of secure coding in some languages (Python, Shell, PHP) and good knowledge of encryption and cryptography techniques
3. Skills
- Have ability to read and understand the professional documents in English.
- Strong interpersonal and communication skills
- Be able to catch up and manage work quickly and effectively
- Be able to work independently under high pressure; good at teamwork
- Careful, responsible, and secure in protecting information/data belonging to the Bank
- Good knowledge of risk management principles, methodology and practice
- Fluency in English preferred