IT Security Manager Smartpay JSC

- Implement the design and operation of related security compliance monitoring, internal/external audit management, and improvement activities to ensure compliance with internal security policies and applicable laws/regulations.
- Lead information security awareness, training, and educational activities.
- Develop and implement enterprise governance, risk, and compliance strategy and solutions.
- Implement processes, such as GRC, to automate and continuously monitor information security controls, exceptions, risks, and testing to develop reporting metrics, dashboards, and evidence artifacts.
- Develop strong relationships with external audit and key stakeholders to ensure risk management oversight is understood, managed appropriately, and current with all standards, guidelines, and regulations that are applicable.
- Implement information security risk assessments and controls selection activities to conduct gaps analysis for SBV and PCI- DSS requirements to estimate potential risks and appropriate treatments.
- Perform other related duties as assigned.
- Implement and provide support to all stakeholders on security controls, risk assessment framework, and program that aligns with regulatory requirements, such as PCI DSS and State Bank of Vietnam circulars, ensuring documented and sustainable compliance that aligns and advances SmartPay business objectives.
- Liaise with all departments to identify, track and provide remediation guidance for new projects, services and/or third- party contracts in terms of information security assurance.

- Deep understanding of information security controls, guidelines, and standards such as CIS Control, NIST, and OWASP is a plus.
- 7+ years in IT related areas including 3+ years in Information Security, Cybersecurity & IT Risk Management at a management role.
- University degree, major in IT or related technical areas.
- IT GRC in the big 4 professional service firms (PwC, Deloitte, KPMG, or EY) is a plus.
- Certification in such as CRISC, CISA, and CISM is a plus.
- Having relevant experience with information systems auditing, monitoring, controlling, and assessment process.
- Having previous experience with risk assessment and management methodology.
- Familiar with PCI DSS, ISO27k family, SBV’s Circular.
- Having knowledge of applicable information security management, governance, risk, and compliance principles, practices, laws, rules, and regulations.
- Good at Vietnamese and English.
- Experience in similar positions in banks/ financial service companies is preferred.

14 Days of Annual leaves

Laptop/Macbook

Annual Company Trip/ Team Building Trip

Cập nhật gần nhất lúc: 2024-03-14 09:43:44