Organize and keep enhancing the information risk management framework, policies, procedures and processes; to ensure that regulatory are put into practice
Perform evaluations of the design and effectiveness of overall control measures for information technology and the controls of IT application; control the movement of information, data for both within VPB SMBC FC and to outside
Perform and validate Information Risk Assessment on Vendors, participate in due diligence on vendor selection process
Security considerations include data breaches, broken authentication, hacking, account hijacking, malicious insiders, third parties, data confidentiality and integrity
Identify potential risk and provide guidance of risk mitigation and acceptance in information design gaps in existing and proposed architectures and recommend implement changes or enhancements
Manage incidents, response & handling in the event of information risk at VPB SMBC FC
Coordinate with relevant units to define and set up the matrix of access rights for all information systems, database of VPB SMBC FC.
Identify risk of
Train and monitor the deployment of communication methods to enhance information risk awareness across VPB SMBC FC
Other tasks assigned by Center Director.
REQUIREMENTS
Education
degree of University graduation, major: IT, Audit, Economics/Finance, Business Administration,
Kinh nghim
Experience
Minimum 5 years solid experience in Information Risk and Security Management gained in financial industry;
Prefer having experience in audit and compliance in information risk;
Understanding regulatory related to IT security is a plus;
Holder of Professional Certificate CISSP, CISA and or CISM.
Skills
Proficient in MS Office (Excel, Word, Access, Marco, PowerPoint, Outlook)
Proficient in English, spoken and written
High integrity and professional work practice
Lead team and work with related stakeholders in effective way
