Carry out activities related to building and implementing data security mechanisms, ensuring data safety, compliance, and protection throughout the entire data lifecycle, in accordance with legal regulations and international standards (Decree 13/2023/ND-CP, ISO 27001, GDPR, etc.).
Collaborate with Data Governance, Information Security, Risk, and Compliance units to effectively implement data security policies, processes, standards, and tools within the assigned scope, contributing to continuous, secure, and efficient enterprise-wide data governance operations.
WHAT WILL YOU DO
- Design and implement a unified Data Security Framework across the organization;
- Manage data security activities throughout the data lifecycle, including: Data classification and tagging, Encryption and key management, Data masking and tokenization, Access control and authorization (IAM, ABAC/RBAC), Data loss prevention (DLP), monitoring, and incident response
- Develop and update data security policies, procedures, and standards, in close coordination with IT Security, Data Governance, Risk Management, and Compliance teams;
- Participate in the implementation, assessment, and compliance control of legal regulations related to personal data protection and information security;
- Conduct training and raise awareness of data security for business and technical units;
- Prepare periodic reports on data security status, provide early risk warnings, and propose improvement plans for senior management.
WHAT WILL YOU NEED
- Bachelor's degree in Information Technology, Information Security, Data Science, or a related field;
- Minimum of 5 years of experience in Information Security, Data Governance, IT Risk, or Cloud Security;
- Strong understanding of data security standards and frameworks: ISO 27001/27701, NIST, GDPR, PCI-DSS, Decree 13/2023/ND-CP;
- Hands-on experience implementing or managing data security tools such as DLP, Data Masking, Encryption, IAM, SIEM, Key Vault, and Cloud Security tools;
- Ability to design and implement organization-wide data security frameworks;
- Data-centric security mindset, with the ability to balance security and business efficiency;
- Strong cross-functional coordination, communication skills, and the ability to make quick decisions during incidents;
- Preferred certifications: CISSP, CISM, CDPSE, ISO 27001 LA/LI, CDMP Practitioner, CISA;
- Proficiency in SQL and BI tools.
