Head of IT Compliance & Security
Management Penetration Testing Compliance IT Security
Chat
Benefit
13th month salary
Extra health insurance
Performance bonus
Laptop/desktop for works
Salary review
Job Overview And Responsibility
JOB DESCRIPTION - Ensuring IT systems and applications within our organization meet the needs of the business while adhering to security best-practices, compliance and regulatory requirements. - Develop and implement the identification, assessment and mitigation of information security risks. - Develop and issue policies, procedures and guidelines related to information security in line with company's reality (PCI-DSS, ISO 27001,...). - Be a contact point for reporting information security compliance to competent authorities. - Responsible for the day to day information security operation. - Create high quality reports, ready for review by CIO. - Identify potentially unwanted behavior and patterns of abuse on the system, and take steps to moderate and restrict this behavior. - Conduct the Vulnerability Assessment and Advanced Penetration Testing for: Web Application, Mobile Application, Network, Servers, Workstations. - Fight against threats to user safety (such as account takeover, privileged access abuse, fraud, unintentional data leaks etc). - Creating phishing campaigns and performing physical social engineering to obtain system and building access as well as to gather critical documents and information. - Performing code review: static, dynamic, and manual source code review. - Lead Incident Response activity (Identification, Response, Recovery and security incident investigations). - Perform security audits driving industry standard benchmarks. - Provide security guidance and input to engineering and operational teams during design review and threat modeling. - Develop secure coding practices and recommend technical mitigations for development teams. - Develop hardening guidelines and review security configurations. - Design and implement security patterns, systems, tools, infrastructure and frameworks to protect organization’s intellectual property against all types of threat and adversaries. - Secure design, build, assess and operate industry standard data security solutions for cloud hosted and traditional environments. - Implement data security controls to ensure a secure production environment. - Perform data security risk assessments and provide remediation recommendations. - Research and understand external best practices and emerging technologies for possible incorporation into organizational data security practices. - Work closely with key business partners, internal technology teams and external vendors to research, deploy and configure technologies and processes that strengthen the defenses of the enterprise. - Translate highly technical concepts into business impact and make remediation recommendations.
Required Skills and Experience
JOB REQUIREMENT - Bachelor degree in Infosec/Computer Science/Computer Engineering/MIS, or equivalent programs. - An expert ability to assess an organization’s attack surface/exposure level. - Expertise in Vulnerability Management, Incident Response/SOC, SIEM. - Experience in the Security planning, coordinating, executing, and reporting of tasks. - Experience performing code and infrastructure design reviews. - Experience in cloud security. - Experience in DLP solutions is a must. - Experience in creating phishing campaigns and performing physical social engineering to obtain system and building access as well as to gather critical documents and information. - At least 06 years Cyber Threat Intelligence, Red team and Blue Team Experience. - At least 05 years of experience operating security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, SIEM, VPN, DLP, IAM, PAM, database security, etc. - Proficiency in Linux, Windows systems engineering/operations. - Relevant professional qualifications such as OSCP, OSCE, OSWE, GPEN, GXPN, CHFI would be an advantage. - Familiarity with building, deploying, maintaining security controls. - Active within the security community. - Strong familiarity with at least one of the following: OWASP Top 10, PTES, or NSA Vulnerability and Penetration Testing Standards. - Knowledge of international standards such as PCI-DSS, ISO 27001, etc. - Strong analytical, Logical thinking and problem solving capabilities. - Team-work spirit and professional working behavior. - Able to research new knowledge and technology. - Ability to work effectively with cross function team to complete multiple projects with changing priorities and meet deadlines. - Strong business writing skills. - Exceptional communication skills.
Why Candidate should apply this position
WHAT WE OFFER Mirae Asset Finance Company Vietnam aims to build a "Professional - Friendly - Effective" working environment. Our strategic objective is to provide a working place with attractive package, growth opportunity, and sustainable development. - Attractive packages with 13th salary year-end bonus and a week trip to Korea in order to recognize all your good performance and effort at MAFC. - 15 days annual leave. - Annual health check, company events. - Annual healthcare insurance package from senior level and above. - Young and proactive environment; no barriers, no limitation for new idea. - Flexible internal career opportunity.
Job Q&A
Similar jobs
Can we know the salary range of this postion?
open for expat?
Hi, this role prefers Vietnamese