Expert, Information Security (40001096)

Job Purpose

The job holder perform duties in designing, building, testing and implementing banking information security solutions.

Key Accountabilities (1)

o Proposing action plans related to security development activities
- Participate in proposing the annual action plans of the unit
- Participate in building/advising on the overall strategy of the unit
o In-depth research, propose solutions and techniques for activities:
- Research and develop information security measures and solutions: Network security, Endpoint security, Data security, Application Security
- Requirements development, security design, risk modeling, information security testing (source code review and testing), deployment of security controls.
- Develop advanced security testing standards and techniques
- Develop and apply secure programming standards, based on CWE/SANS top 25, OWASP
- Update, analyze vulnerabilities/weaknesses and assess effects on Techcombank in order to offer appropriate protection measures.
- Coordinate with the security monitoring và response department to analyze, and respond to attacks that affect the bank's operations. Apply security measures and solutions to effectively and thoroughly eliminate/prevent threats."

Key Accountabilities (2)

- Planning information security strategy:
o Participate in the development of information security strategy and annual strategic implementation plan according to assigned tasks
- Implement information security activities:
o Participate in the development of information security solutions for large, key projects involving many technology fields.
o Coordinate and providing in-depth skills to resolve security incidents
o Technical advice, training for other staffs
o Analyze trends in cyber warfare, risks and vulnerabilities to propose suitable testing strategies and prevention methods.
o Research new solutions and technologies to advise leaders in planning information security strategies.

Key Accountabilities (3)

Other missions:
- Participate in the implementation and/or support of technology projects
- Organize training, career development orientation for employees, foster and build human resources for the department.
- Perform other related tasks at the request of management levels.

Key Relationships - Direct Manager

Manager, Senior Manager, Information Security

Key Relationships - Direct Reports

Key Relationships - Internal Stakeholders

Key Relationships - External Stakeholders

Information security solutions/services companies, quick incident response organizations…etc.

Success Profile - Qualification and Experiences

Qualifications
- University degree in IT or electronics or telecommunications or related fields
Work Experience
- At least 08 years of working experience in information security management in financial / service / telecommunications organizations.
- Experience in planning information security / information technology strategy;
- Experience in research, design and implementation in the field of information security.
Other requirements
- Experience in Agile Product Development
- Business English requirements according to TCB's policy.