Check with seller Senior Officer, Information Security Cầu Giấy
- Location: Cầu Giấy, Hà Nội, Cầu Giấy, Hà Nội, VietNam
Mô tả công việc
1
Scope of activities Ensuring Information Security - Participate in projects, developing and deploying technology to ensure Information Security for systems to be built, including stages: analysis, building requirements Information security, design Information security,threat modelling, source code review, testing and building controls to ensure Information Security
- Research and develop necessary information security solutions to prevent attacks and incidents Information security, ensure security and safety for the entire information system of the bank
- Coordinate with the Information Security supervisory department in handling information security incidents
- Set up and monitor the implementation of TCB's information security process, regulations, standards, guidelines and policies in accordance with the regulations of the government and international organizations- Implement and maintain compliance with international standards PCI-DSS, ISO, SWIFT CSP
- Implement and maintain compliance with TCB's policies, circulars and regulations of the State Bank
- Regularly perform compliance and integrity checks of the security policy configuration in the internal system TCB detects violations or insider attacks
- Coordinate with Compliance Assessment and Risk Management units to assess the compliance of technology systems according to policies, regulations, standards, processes, checklists
Key Accountabilities (2) 2
Scope of activities Information Security Testing - Implement the strategy to ensure information security: + Participate in the implementation of the Information Security strategy by providing input data on attack trends, forms of exploitation and risks arising in each period
+ Participate in the implementation of the annual information security implementation plan, meet the business and operational needs of the bank through the implementation of information security testing programs for thetechnology activities of the bank
Bank
+ Develop penetration testing methods, information security scanning scripts and security checks according to international standards such as OSSTMM, Sans and OWASP
+ Develop new techniques, exploit scripts and programs for automated penetration testing - Perform test attack activities: + Directly perform vulnerability detection review, vulnerability assessment, and conduct penetration/exploit testing periodically or at the request of the Block leader for all systems/applications ; Penetration testing forsystem/application after live detection or whenever undergoing a major change
Testing methods must ensure practicality including both technical (technology) and non-technical (people, processes, physical assets)
Fromthere, provide CISO as well as other Information Security departments to have programs to deal with the problems of system weaknesses that can be exploited
+ Perform regular vulnerability scans, information security checks to find vulnerabilities in the system and provide remedial / remedial solutions; supports maintaining compliance with world security standards such asPCI-DSS, ISO***01, SCP (swift)
+ Develop and manage vulnerability management program, threat intelligence database
Collect, track metrics, and analyse trends on cyber defences, threats, detected attacks, vulnerabilities, andcountermeasures/preventions
+ Actively research / find new vulnerabilities, exploitation techniques and cyber threats; Identify trends in cybersecurity involving tactics, techniques, and processes, targeting for malware development and deployment
+ Directly participate in the experimental plan of responding to an Information Security incident as an attack unit and in the case of an actual Information Security incident as the response team
Coordinate and provideexpert cyber defense engineering skills to resolve cyber-attack incidents Key Accountabilities (3) 3
Scope of activities of Information Security Administration - Building/adjusting and implementing MTPQ of systems
- Develop requirements and measures to control access and protect the bank's data
- Develop, maintain and optimize information security policy/rule/configuration for solutions to ensure information security such as: Information security solutions on access identity management (PAM, IAM…);Network information security solutions (Firewall, NAC, APT, NetIPS, DDOS
); Information Security solutions on endpoints (AD GPO, HIPS/HFW, Appcontrol, Web/mail filtering, DB security…); Informationsecurity solutions on data (DLP, FAM
)
- Assess, evaluate, review: + Decentralization enforcement ensures compliance with the decentralized matrix
+ The issue and withdrawal of privileged accounts and digital certificates on technology systems
+ Exception requirements related to identity, access rights on technology systems + Change requirements on information security assurance solutions
- Risk management and compliance + Identify risks of the department in the process of operation, ensuring compliance with the processes and regulations of the bank
Coordinate with relevant units to handle risks
+ Perform risk treatment activities according to reports of internal/external audit departments
Key Relationships - Direct Manager Team leader of IS Key Relationships - Direct Reports No Key Relationships - Internal Stakeholders Departments in the divisions Key Relationships - External Stakeholders Information security solutions/services companies, quick incident response organizations…etc
Yêu cầu ứng viên Qualification: - Graduated in IT, Computer Science or Telecommunications - Foreign language: English: Level 1 – TOEIC under 550 - Certificates in information security such as OSCP, PCI DSS assessment implementation certificate, ISO - Having ISC2 SSCP security certificates is an advantage - Having certificates of companies providing security solutions such as Microsoft/Cisco/PaloAlto/Checkpoint/Cyberark/Sailpoint…” - Having certificates in information security such as - SANS SEC660, SEC760, SANS SEC642, SANS SEC575, OSCE, OSCP Experience: - Experience in performing security testing in financial / service / telecommunications organizations from 5 years
The experience includes the following aspects: + Research, design, implement and evaluate Information security for systems and applications + Implement PCI-DSS, ISO, Swift CSP
Participate in the development and control of compliance with security standards for IT systems - Experience in performing security testing in financial / service / telecommunications organizations
The experience includes the following aspects: + Experience in researching security holes, developing attack techniques/tools, performing attack testing of technology systems by technical and non-technical measures) - Having experience in implementing, managing, and operating in-depth in terms of policies, set of rules, configuration of information security at least one of the following areas at financial/service/telecommunications organizations (5 years) - Security solutions for access identity management (PAM, IAM
) - Network security solutions (Firewall, NAC, APT, NetIPS, DDOS
) - Security solutions for terminals (AD GPO, HIPS/HFW, Appcontrol, Web/mail filtering, DB security
); - Data security solutions (DLP, FAM
) - Experience in information security assessment according to Agile method Quyền lợi - Review lương 1 lần/ năm - Cán bộ nhân viên sẽ có từ 12- 15 ngày phép/ năm - Bảo hiểm AON cho Cán bộ nhân viên - Công ty có các CLB thể thao sinh hoạt hàng tuần (đá bóng, chạy bộ, cầu lông) - Team building 1 lần/ 1 năm theo tiêu chuẩn 5 sao - Môi trường làm việc trẻ, năng động, cơ hội phát triển cao Cách thức ứng tuyển Hạn nộp hồ sơ: 30/04/2024
Useful information
- Avoid scams by acting locally or paying with PayPal
- Never pay with Western Union, Moneygram or other anonymous payment services
- Don't buy or sell outside of your country. Don't accept cashier cheques from outside your country
- This site is never involved in any transaction, and does not handle payments, shipping, guarantee transactions, provide escrow services, or offer "buyer protection" or "seller certification"
Related listings
-
Nhân Viên MarketingViệc tìm người - Thanh Xuân (Hà Nội) - 2022/05/02 Check with seller
Mô tả công việc Xây dựng chiến lược Marketing cho sản phẩm, các chương trình truyền thông đưa sản phẩm tới gần hơn với khách hàngLập kế hoạch, triển khai và theo dõi chiến dịch quảng cáo của sản phẩm trên các kênh Online như: Facebook, Google, Tik To...
-
Nhân Viên Phòng Sản PhẩmViệc tìm người - Thanh Xuân (Hà Nội) - 2022/05/02 Check with seller
Mô tả công việc Trực tiếp tham gia điều phối, giảng dạy hoặc support các khoá học, lớp học và chương trình Tham gia lên kế hoạch bài giảng cho khóa học, lớp học và chương trìnhTheo sát tiến độ và cập nhật tình hình của các chương trình và khoá học, t...
-
Nhân Viên Kế ToánViệc tìm người - Nam Từ Liêm (Hà Nội) - 2022/05/02 Check with seller
Mô tả công việc - Lập, tập hợp, tổng hợp chứng từ kế toán tiến hành hạch toán kế toán, ghi sổ các nghiệp vụ kế toán phát sinh; - Theo dõi, rà soát hoạt động kinh tế phát sinh, xuất hoá đơn (nếu có), ghi nhận đầu vào, đầu ra đúng với quy định, chính s...
Comments
Leave your comment (spam and offensive messages will be removed)