IT Security and Compliance Deputy Manager

Expired

Job Responsibilities

• Ensuring IT systems and applications within our organization meet the needs of the business while adhering to security best-practices, compliance and regulatory requirements.
• Develop and implement the identification, assessment and mitigation of information security risks.
• Develop and issue policies, procedures and guidelines related to information security in line with MAFC’s reality (PCI-DSS, ISO 27001...).
• Be a contact point for reporting information security compliance to competent authorities.
• Responsible for the day to day information security operation.
• Create high quality reports, ready for review by CIO.
• Identify potentially unwanted behavior and patterns of abuse on the system, and take steps to moderate and restrict this behavior.
• Conduct the Vulnerability Assessment and Advanced Penetration Testing for: Web Application, Mobile Application, Network, Servers, Workstations.
• Fight against threats to user safety (such as account takeover, privileged access abuse, fraud, unintentional data leaks etc).
• Creating phishing campaigns and performing physical social engineering to obtain system and building access as well as to gather critical documents and information.
• Performing code review: static, dynamic, and manual source code review.
• Lead Incident Response activity (Identification, Response, Recovery and security incident investigations).
• Perform security audits driving industry standard benchmarks.
• Provide security guidance and input to engineering and operational teams during design review and threat modeling.
• Develop secure coding practices and recommend technical mitigations for development teams.
• Develop hardening guidelines and review security configurations.
• Design and implement security patterns, systems, tools, infrastructure and frameworks to protect organization’s intellectual property against all types of threat and adversaries.
• Secure design, build, assess and operate industry standard data security solutions for cloud hosted and traditional environments.
• Implement data security controls to ensure a secure production environment.
• Perform data security risk assessments and provide remediation recommendations.
• Research and understand external best practices and emerging technologies for possible incorporation into organizational data security practices.
• Work closely with key business partners, internal technology teams and external vendors to research, deploy and configure technologies and processes that strengthen the defenses of the enterprise.
• Translate highly technical concepts into business impact and make remediation recommendations.

Job Requirements

• Bachelor degree in Infosec/Computer Science/Computer Engineering/MIS, or equivalent programs.
• An expert ability to assess an organization’s attack surface/exposure level.
• Expertise in Vulnerability Management, Incident Response/SOC, SIEM.
• Experience in the Security planning, coordinating, executing, and reporting of tasks.
• Experience performing code and infrastructure design reviews.
• Experience in cloud security.
• Experience in DLP solutions is a must.
• Experience in creating phishing campaigns and performing physical social engineering to obtain system and building access as well as to gather critical documents and information.
• At least 05 years Cyber Threat Intelligence, Red team and Blue Team Experience.
• At least 03 years of experience operating security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, SIEM, VPN, DLP, IAM, PAM, database security, etc.
• Proficiency in Linux, Windows systems engineering/operations.
• Relevant professional qualifications such as OSCP, OSCE, OSWE, GPEN, GXPN, CHFI would be an advantage.
• Familiarity with building, deploying, maintaining security controls.
• Strong familiarity with at least one of the following: OWASP Top 10, PTES, or NSA Vulnerability and Penetration Testing Standards.
• Knowledge of international standards such as PCI-DSS, ISO 27001, etc.
• Strong analytical, Logical thinking and problem solving capabilities.
• Team-work spirit and professional working behavior.
• Able to research new knowledge and technology.

Mirae Asset Finance Viet Nam aims to build a "Professional - Friendly - Effective" working environment. Our strategic objective is to provide a working place with attractive package, growth opportunity, and sustainable development.