Senior Officer, Information Security (40001098)
Job Purpose
Participate in and directly carry out the following tasks: defining security requirements and designing information security for systems and applications; performing penetration testing; and deploying and enhancing systems and applications in use or under development, to strengthen information security capabilities and promptly identify potential vulnerabilities to propose remediation measures.
Manage and implement information security standards at Techcombank in compliance with Vietnamese and international security regulations.
Establish and maintain compliance with information security policies and regulations. Address risks in a timely manner to ensure the overall information security of the bank.
Key Accountabilities (1)
• Join development and technology deployment projects to ensure security throughout the system lifecycle, including: security requirement analysis, secure design, threat modeling, source code review, security testing, and implementation of appropriate security controls.
• Research and develop information security solutions to prevent cyberattacks and incidents, ensuring safety and security across the bank’s entire information system.
• Collaborate with the Security Monitoring team to participate in incident response and resolution.
• Establish and oversee the implementation of information security processes, regulations, standards, guidelines, and policies in line with government requirements and international best practices.
• Implement and maintain compliance with international standards such as PCI-DSS, ISO, and SWIFT CSP.
• Ensure ongoing compliance with internal Techcombank policies and with circulars and regulations issued by the State Bank of Vietnam.
• Regularly audit the configuration and integrity of internal security policies and systems at TCB to detect violations or potential insider threats.
• Coordinate with Compliance Assessment and Risk Management units to evaluate the system’s compliance with policies, regulations, standards, procedures, and checklists.
Key Accountabilities (2)
• Design and deliver security awareness and training programs for bank staff.
• Research and apply information security standards and frameworks suitable for the banking environment.
• Perform other duties as assigned by management.
Key Relationships - Direct Manager
Director, Information Security
Key Relationships - Direct Reports
No
Key Relationships - Internal Stakeholders
Departments in the divisions
Key Relationships - External Stakeholders
Information security solutions/services companies, quick incident response organizations, etc.
Success Profile - Qualification and Experiences
Bachelor’s degree in Information Technology, Computer Science, or Electronics and Telecommunications.
3–5 years of experience in security assessment and penetration testing within financial services, telecom, or similar sectors.
Experience should include:
• Researching, designing, implementing, and evaluating information security solutions across different areas;
• Implementing and complying with standards such as PCI-DSS, ISO, SWIFT CSP;
• Participating in the development and enforcement of information security standards for IT systems.
English: According to Techcombank’s current language proficiency requirements.
Experience in assessing information security in Agile development environments.
Relevant security certifications such as OSCP or PCI DSS implementation/evaluation certifications.