Job Description
AppSecEngineering:
Vulnerability assessment and penetration testing program; responsible for the design and performance of application security robustness tests:
- Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk
- Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation
- Automate penetration and other security testing on networks, systems and applications
- Develop and maintain security testing plans
- Produce actionable, threat-based reports on security testing results
- Operate in a hands-on role involving penetration testing and vulnerability assessment activities of complex applications, operating systems, wired and wireless networks, and mobile applications/devices
- Deliver the annual penetration testing schedule and conduct awareness campaigns to ensure proper budgeting by business lines for annual tests
- Act as a source of direction, training, and guidance for less experienced staff
- Communicate security issues to a wide variety of internal and external “customers” to include technical teams, executives, risk groups, vendors and regulators
- Foster and maintain relationships with key stakeholders and business partners
- Mentor and coach other IT security staff to provide guidance and expertise in their growth
InfraSecEngineering/SystemSecEngineering:
Cybersecurity risk and compliance framework and management:
- Identify, highlight and remediate information security risk in the Bank
Policy, Standards and Processes:
- Provide feedback to enhance the current policies, regulations, standards and processes where necessary
- Communicate and ensure all staff understand and comply with the Information Security Policy, Regulations, Standards and Processes
- Comply with the Bank’s Information Security Policy, Regulations, Standards, and Process
Operations, Reporting and Administration:
- Ensure that Information Security processes are followed diligently. This may include Risk Management and operating Security Services/Tools to support the Information Security Program of the Bank.
- Ensure that the Information Security Strategy and Plans are implemented as planned.
- Contribute to the IT Security Dashboard for Management
- Provide IT security awareness training
- Work with both internal/external audit during audit programs
- Control and approve requests/changes related to security; control IT security activities: implementation, operation, vulnerability management
- Collect, analyze and produce reports for IT Security every month