PURPOSE.
• Oversee all the information security operation in VAS.
• Minimize the business risk which might be caused by Technology based Solution.
• Ensure the VAS information shall be protected in term of availability, integrity & confidentiality matching with business need and support the VAS growth.
• Enhance the Security Awareness among VAS community.
Job Description
• Establish the Information Security Plan toward to updated ISO Framework as well as in alignment with IT Strategic Plan,
• Write & review all security-related documents such as incidents reports, proposals and tactical or strategic initiatives.
• Implement the security policies, regulations and rules, norm and make sure that the environment, in VAS is safe.
• Play the role of
Project Manager to undertake all the projects to mitigate the business risk in term of Information Security.
• Undertake the periodical Internal Audit to ensure setting up the controls in Technology based Solution following to Risk Reports & Mitigation Plan. Lead the penetration test to identify the technical vulnerabilities of IT Platform & work with relevant teams to propose the solution to management.
• Frequently hold the meeting with Management Team to present the business technology related risks and mitigation plan.
• Work as representative of IT Division & collaborate with external Audit companies for Annual Internal Audit.
• Undertake the data classification & ensure the VAS Information shall be protected in term of confidentiality, availability, and Integrity.
• Manage the day to day of entire Information Security Team Activities & show up the leadership role in collaborating with business Divisions Head to identify the business risk based on the IT solution.
• Lead the Information Security Team including the Planning, Organizing, Leading, Staffing & Controlling aiming to have solid structure in place to support business. Plays the role of an IT Leader to behave as a good example for all staff in Division to follow.
• Develop budget for Security Operations
• Translate and implement all the initiates/request from management team/business executive, staff to minimize the business risk or adding value to business in term of the Employee Productivity, enhance the business operation & improve Customer Satisfaction ...
• Proactively identify the potential issue & problem in Operation and propose the enabling solution.
• Share knowledge and Expertise to prepare the internal successors ready for the incumbent's position and other lower key positions in the section or department within the time frame of employment term.
• Closely work with Legal Team to ensure the compliance with security & privacy law in place.
• Actively Plan and conduct the Information Security awareness to VAS users as other kind of training such as soft skill or management skill to IT Staff.
• Periodically update the new of technology solutions/Information Security by attending the meeting, professional seminars or conference specializing in Information Security.
• Read, acknowledge understanding, stay updated, set good example of compliance with the company's policies stipulated in various regulations, guides and manuals including but not limited to the Company policy, Staff Manual, IT Guideline, IT Instruction, Letter of Authority, Anti-corruption policy etc... Make sure all the team members should be aware of this.
• Work with relevant teams in organization to establish DRP and BCP matching with business need.
• Requires a degree in computer science or business administration
• CISSP, CISA, CEH will be an advantage,
• Requires proficiency in
English communication.
• Having experience of Education Industry is advantage
• Have knowledge of ERP, BI,
IT Infrastructure & Architecture, Enterprise Architecture, Database, Cloud Technology, Virtualization, Application Development...
• Demonstrate an expert understanding or very detail area of expertise in multiple security subjects
• Demonstrate the expert knowledge of law, regulation & policies, standard, procedures
• Have a good leadership, management & communication skills
• Have a good negotiations skill,
• Have a good knowledge of security enviroinment and hazards.
