Quyền lợi được hưởng
Benefits and Perks
Perks You'll Enjoy
Working in one of the Best Places to Work in Vietnam
Building large-scale & global software products
Working & growing with Passionate & Talented Team
Diverse careers opportunities with IT Solutions & Consulting, Software Outsourcing, Software
Product Development, ...
Attractive Salary and Benefits
Performance appraisals every year
Onsite opportunities: short-term and long-term assignments in North American (U.S, Canada), Europe, Asia.
Flexible working time
Various training on hot-trend technologies, best practices and soft skills
Premium healthcare insurance for you and your loved ones
Company trip, big annual year-end party every year, team building, etc.
Fitness & sport activities: football, tennis, table-tennis, badminton, yoga, swimming...
Joining community development activities: 1% Pledge, charity every quarter, blood donation, public seminars, career orientation talks,...
Free in-house entertainment facilities (foosball, ping pong, gym...), coffee, and snack (instant noodles, cookies, candies...)
And much more, join us and let yourself explore other fantastic things!
Mô tả công việc
Responsibilities
Lead, manage and develop the Security Compliance team on day-to-day operation.
Establish, maintain, monitor and improve the Information Security Management System (ISMS) by following industrial standards and compliance requirements such as ISO 27001, SOC2 Type II, HIPAA, HITRUST, PCI-DSS, GDPR, etc.
Develop, maintain and monitor security policies, processes, and procedures to ensure compliance with Client' security requirements and applicable legal laws and regulations.
Determine security violations and inefficiencies by conducting periodic security audits to identify potential vulnerabilities related to asset protection, ensure operational security controls are implemented and maintained properly.
Report non-conformity issues to the management and propose countermeasures for those issues to renovate the organization and operation of the Company to continuously improve the efficiency of business.
Evaluate security trends, evolvement of threats, vulnerabilities, and performs risk assessment and treatment plan; coordinate with related parties for consulting on remediation.
Develop and maintain the effectiveness of security awareness program through training and activities to enhance user' awareness.
Set goals for Compliance team, deliver work results and periodically review metrics to ensure achieving goals.
Lead effort in delivering and providing security standard compliance consulting, audit assessment services to KMS businesses and its product companies as Group level.
Keep improving service quality to increase client satisfaction by improving processes and suggesting initiatives to support the team's daily work and long-term plan.
Perform other duties as assigned by higher level.
Yêu cầu công việc
Qualifications
Knowledge and skills:
5+ years of working experience within Security Compliance in medium or enterprise level. Prefer to technology, banking, fintech, auditing or internal control firms.
2+ years of experience in building security management frameworks to meet with SOC 2, ISO 27001, PCI DSS, HIPAA, HITRUST etc.
Having strong knowledge and experience of Information and Cyber Security Management.
Experience in people management, team development and engagement.
Demonstrate ability to work independently and as part of a team to achieve team goals.
Demonstrate strong organizational skills, including time management and ability to effectively prioritize, take ownership and execute tasks in a high-pressure environment.
Demonstrate good logical thinking and problem-solving skills.
Ability to communicate effectively across all levels of the organization.
Good at English in communication skills including oral and written.
Education/Training Preferred:
Bachelor's degree in Computer Science, Auditing, Business Administration and Operations Management related field or equivalent work experience.
Lead
Internal Auditor certificate is a plus.
Certification of CISA, CISM or other equivalent certificates in security management is an advantage.
