Senior/Expert IT Security Specialist (Infrastructure)

Job Description

Cybersecurity risk and compliance framework and management:

• Identify, highlight and remediate information security risk in the Bank

Policy, Standards and Processes:

• Comply with the Bank’s Information Security Policy, Regulations, Standards, and Process
• Provide feedback to enhance the current policies, regulations, standards and processes where necessary
• Communicate and ensure all staff understands and comply with the Information Security Policy, Regulations, Standards and Processses

Operations, Reporting and Administration

• Ensure that the Information Security Strategy and Plans are implemented as planned.
• Ensure that Information Security process are followed diligently. This may include Risks Management, Operating Security Services/Tools to support the Information Security Program of the Bank.
• Control approve the request/changes related to security, control activities of IT security: implementing, operating, vulnerabilities management
• Contribute to the IT Security Dash Board for Management
• Work with both internal/external audit during audit programs
• Training IT security awareness
• Collect, analyze and produce report for IT Security every month

Job Requirement

• Bachelor's or Technical Degree Required (IT, Cryptography, computer science, information systems, business administration or other industry-related curriculum)
• 3-4 years or more of working experience in IT security banking, good knowledge international IT security standards (ISO 270001, PCI-DSS,…), ITIL
• Have good knowledge about: network security, system security, application security and virus/malwares, secure coding
• Expert with architect, security technology, integration
• Have good knowledge with pen test with OWSAP Standard and ability discovery & exploit vulnerabilities, cyber attack
• Good using some tools for hacking:  VA, APPScan, Metaexploit, kalilinux
• Experienced in implementing ISO27000/PCI-DSS is preferred
• Have good knowledge with secure coding with some languages: Python, Shell, PHP and have good knowledge with encryption, cryptography techniques (is a plus)
• Stakeholder expectation management
• People Management
• Risk Management
• Budget Management