IT Security Senior Manager (Quản lý Cấp cao An toàn Thông tin)

Prudential's purpose is to be partners for every life and protectors for every future. Our purpose encourages everything we do by creating a culture in which diversity is celebrated and inclusion assured, for our people, customers, and partners. We provide a platform for our people to do their best work and make an impact to the business, and we support our people's career ambitions. We pledge to make Prudential a place where you can Connect, Grow, and Succeed.

Job Purpose

This role is expected to oversee IT controls effectiveness and efficiency based on risk management framework to ensure the information/cyber security protection, internal/external regulation compliance of enterprise in balance with resource availability and stakeholder's needs.

Job Responsibilities

1. Ensure the IT/cyber security/Data protection controls effectiveness in operation and efficiently implemented in projects.

2. Ensure the internal/external compliance via risk/quality management framework.

3. Implement/Maintain Cyber security tools implemented in local.

4. Lead the cyber security incident response activities in local.

5. Manage all stakeholders expectation (including external parties, business user and projects teams) to mitigate the risk with business outcome oriented.

The IT Security, Risk and Controls Senior Manager will be mainly responsible for IT controls effectiveness/efficiency assurance in operation/project delivery and partially responsible.

• External regulation compliance
• IT Project delivery
• System availability/stability

The IT Security, Risk and Controls Senior Manager will handle key stakeholders including:

• External: Regulators and Audit
• Internal: All business users, IT Tech delivery, IT Operation.

Job Requirements / Yêu cầu

• University degree in Information Security or Computer Science with significant demonstrable experience in Information Security.
• A minimum of 7 years relevant experience in Information Security (Technical) with 2 years-experience in Cloud Security implantation is preferred.
• Technical capability: certified by

a. CISM/CISSP as mandatory

b. ITIL/PMP/TOGAF as secondary

c. Broad knowledge of security domains, trends, and technologies (such as threat and vulnerability management, network security, endpoint security, web application security, data loss prevention, encryption, security hardening).

• Technical understanding of various technology stack and platform (e.g., Azure DevOps, Terraform, Git, Jenkins, Dockers, Kubernetes, Node.js, Java, …).
• Soft skill:

a. Good at Insurance/Business acumen

b. Good at Story telling/Data Analytic

c. Proficiency at Process development, security frameworks, compliance requirements and security operations, industry standards such as PCI DSS, NIST SP-800 Series, CIS 20, CSA CCM.

d. Strong interpersonal and communication skills, project management experience, problem-solving.

Prudential is an equal opportunity employer. We provide equality of opportunity of benefits for all who apply and who perform work for our organisation irrespective of sex, race, age, ethnic origin, educational, social and cultural background, marital status, pregnancy and maternity, religion or belief, disability or part-time / fixed-term work, or any other status protected by applicable law. We encourage the same standards from our recruitment and third-party suppliers taking into account the context of grade, job and location. We also allow for reasonable adjustments to support people with individual physical or mental health requirements.