Senior Officer, Information Security (40001098)
Job Purpose
● Participate in and directly implement: proposing information security requirements and information security design for systems and applications; penetration testing; and deployment and improvement for systems and applications that are in use or about to be put into use, in order to improve the systems' information security capacity, promptly detect potential information security weaknesses, and propose remedial measures
● Manage and implement information security standards at TCB to meet the security requirements of Vietnam and the world
● Establish and maintain compliance with information security regulations and policies. Timely handle risks to contribute to ensuring information security for the Bank
Key Accountabilities (1)
1. Responsibility in ensuring information security:
● Participate in projects, develop and deploy technology to ensure information security for the systems to be built, including the following stages: analysis, building information security requirements, information security design, threat modeling, source code review, testing, and building information security control measures
● Research and build necessary information security solutions to prevent information security attacks and incidents, ensuring security and safety for the entire information system of the bank
● Coordinate with the information security monitoring department to participate in handling information security incidents
● Establish and monitor the implementation of TCB's information security processes, regulations, standards, guidelines and policies according to the regulations of the government and international organizations
● Implement and maintain compliance with international standards PCI-DSS, ISO, SWIFT CSP
● Implement and maintain compliance with TCB's policies and the information regulations of the State Bank
● Regularly conduct compliance checks and integrity checks of security policy configurations in TCB's internal system to detect violations or internal attacks
● Coordinate with Compliance Assessment and Risk Management units to assess the level of compliance of the technology system according to policies, regulations, standards, procedures, and checklists
Key Accountabilities (2)
2. Other responsibilities:
● Design and implement training programs to raise security awareness and security warnings for Bank employees
● Research and apply information security standards for the Bank
● Perform other related tasks as required by management levels
Key Relationships - Direct Manager
Senior Manager, Manager, Information Security
Key Relationships - Direct Reports
No
Key Relationships - Internal Stakeholders
Departments in the divisions
Key Relationships - External Stakeholders
Information security solutions/services companies, quick incident response organizations, etc.
Success Profile - Qualification and Experiences
● Graduated from University majoring in IT, Mathematics or Telecommunications
● Have 3-5 years of experience conducting security testing assessments in financial/service/telecommunications organizations.
● Experience includes aspects of:
- Research, design, implementation, and assessment in the field of information security in various areas
- Deploy PCI-DSS, ISO, SWIFT CSP...
- Participate in the implementation of building and controlling compliance with information security standards for IT systems
● English: According to current regulations of the Bank
● Have experience in assessing information security using the Agile method
● Have information security certificates such as OSCP, PCI DSS assessment implementation certificate