JOB DESCRIPTION
Primary Objectives
• Oversees and ensures the organization’s adherence to recognized IT standards, regulatory requirements, and internal policies.
• Ensures the Confidentiality, Integrity, and Availability of the Organization’s information systems through regular audits, documentation, risk management and communication.
• Provides line management, leadership and strategic direction for the function and liaises closely with other managers.
Main responsibilities
• Leads the design, implementation, operation, and maintenance of the Information Security Management System based on the ISO/IEC 27000 series standards, including certification against ISO/IEC 27001 where applicable
• Leads the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies etc. and applicable laws and regulations
• Leads or commissions the preparation and authorizes the implementation of necessary information security policies, standards, procedures and guidelines, in conjunction with the Security Committee
• Leads or commissions suitable information security awareness, training and educational activities
• Leads or commissions information security risk assessments and controls selection activities
• Leads or commissions activities relating to contingency planning, business continuity management and IT disaster recovery in conjunction with relevant functions and third parties
• Leads IT internal audits
JOB REQUIREMENTS
1. Educational level
• Bachelor’s degree or above in computer science or information systems.
2. Knowledge & Experiences
• At least 5 years of experience in Information Security Management/IT Audit/IT Risk Management/IT Compliance
• Strong understanding of IT standards and regulatory requirements (ISO 27001, GDPR, etc.)
• Experience leading and managing ISO 27001 Certification Project or equivalent
• Strong experience with popular Risk management frameworks like ISO 27005, NIST or equivalent.
• Experience conducting IT Audit as a Lead Auditor
• A background in technical IT roles such as IT architecture, development, or operations, with a clear and abiding interest in information security, is a plus.
• Information security management qualifications such as CISSP or CISM, or lead auditor qualifications such as IRCA, are a plus
3. Technical skills
• Proven analytical, evaluative and problem-solving abilities
• Ability to conduct and direct research into IT issues and products as required
4. Soft skills
• Highly organized, extremely responsive, and hands-on team leadership and management experience
• Highly self-motivated and directed
• Ability to effectively prioritize and execute tasks in a high-pressure environment
• Keen attention to detail
• Effective written communication skills for documenting the features tested and bugs found
• Excellent interpersonal skills, works well independently and with others
• Good written and oral Vietnamese and English.