VNGGames

Overview of job

JOB SUMMARY

The Risk & Compliance Specialist (IT RISK & COMPLIANCE) is responsible for developing, maintaining, and executing the IT Risk Management Framework to ensure effective oversight, advisory, and challenge of IT and Security processes across VNGGames. This role partners with both technical and business stakeholders to identify, assess, and mitigate IT risks while ensuring alignment and compliance with internal standards, frameworks, and best practices.

JOB DESCRIPTION:

• Ensure that IT operations are executed effectively, efficiently, and in alignment with organizational objectives while managing technology-related risks and maintaining compliance with internal standards and frameworks.

• Develop, implement, and maintain comprehensive frameworks, policies, procedures, and guidelines to support consistent and standardized IT governance, risk, and compliance practices.

• Identify, assess, prioritize, and manage IT and cybersecurity risks that could impact business objectives, critical systems, or data assets.

• Conduct regular IT risk and control assessments, perform continuous monitoring, and lead periodic reviews to evaluate the design and operating effectiveness of existing controls.

• Implement, monitor, and track risk mitigation measures, technical controls, and corrective action plans to address identified risks or compliance gaps.

• Monitor updates to IT standards, frameworks, and internal requirements; assess their impact, identify gaps, and coordinate actions to ensure continuous compliance.

• Align enterprise risk management and compliance requirements with IT policies, processes, and operational practices.

• Communicate and collaborate with stakeholders to strengthen understanding and awareness of IT risks, control effectiveness, and compliance expectations.

• Maintain the IT risk and compliance profile, including mappings of risks, controls, and assessment results, to support effective management oversight and audit readiness.

• Monitor the design and performance of IT controls to ensure standardization, consistency, and effectiveness across systems and processes, and report on key risk indicators, control performance, and emerging issues.

• Creative, innovative culture that encourages new ideas
• Real impact on products used by millions of users
• Strong long-term career path with a stable, well-established business
• Competitive compensation & benefits
• Fast learning and growth through modern tech and challenging projects

QUALIFICATION:

• Bachelor’s degree in Management Information Systems, Information Technology, Computer Science, or a related field.

• At least 4 years of experience in IT Risk Management, IT Governance, IT Audit, or Information Security.

• Solid understanding of IT risk management principles, internal controls, and compliance frameworks (e.g., NIST, ISO 27001, COBIT, ITIL).

• Experience with risk assessment methodologies, control testing, and issue remediation tracking. 

• Strong analytical, problem-solving, and critical-thinking skills with attention to detail.

• Excellent communication and stakeholder management skills, with the ability to work effectively across technical and business teams.

• Proactive mindset, able to work independently while managing multiple priorities in a fast-paced environment.

• Professional certifications such as CRISC, CISA, CISSP, ISO 27001 Lead Implementer/Auditor, or equivalent are preferred.