CIMB Bank Vietnam

Tóm tắt công việc

The job holder will be part of the Risk Management department in the Second Line of Defense in accordance to the Enterprise Wide Risk Management framework.  Under the guidance of Head of Risk, the job holder has 2 responsibilities as follows:

Primary:

The primary role of the job holder is to effectively manage Technology risks in the second line of defense. The Manager shall oversee all Technology related rules, regulations, issuances, and standards and ensure that CIMB Bank Vietnam is compliant.  The incumbent shall assess and manage threats/risk, including Information Security and Data Privacy on the bank’s existing and new Electronic Payments and Financial Services/Products and the platforms used.

The incumbent shall work closely with the related business units (especially the IT and Digital Development team) and local regulators where applicable as part of the incumbent’s accountability to assist the Head of Risk in managing CIMB Bank Vietnam’s Technology and Information Security risk. 

Secondary:

The secondary role is to manage parts of Non-Financial Risk such as Business Continuity Management and Sustainability under the guidance of the Head of Risk.

Key Responsibilities 

The Key Responsibilities of the Technology Risk Head are as follows: 

1. Provides sound direction, guidance, advice, and consultation to business units concerning Technology and Information Security risk. 

2. Develop policies, procedures, or guidelines to ensure the security and privacy of information and computer systems. 

3. Review risk assessments undertaken by the First Line of Defense to adhere to the company’s risk controls over Third-Party Service Providers and Partners, including IT due diligence, data privacy, and cyber resiliency. 

4. Provide advisories in IT projects to implement baseline security requirements for a network, Operating system, databases, and other IT appliances to support banking systems. 

5. Review compliance assessments undertaken by the First Line of Defense over Information Security to evaluate the adequacy and effectiveness of the overall information security control posture and data privacy.

6. Research on the latest threats and vulnerabilities and, where appropriate, advise the Technology team on the mitigation and remediation. 

7. Review the outcome of penetration tests and vulnerability assessments on information systems and infrastructure that is performed by the First Line of Defense. 

8. Participate as advisor in investigating any security violations by providing post-mortem analysis to illuminate the issues and possible solutions. 

9. Facilitates Information Security Awareness to new and existing employees and consultants regularly. 

10. Ensure compliance to internal and regulatory requirement

11. Provide updates to governance committee on policy related matters, risks and areas of concern as identified from time-to-time.

• 13th month salary
• Year-end bonus based on performance rating
• Professional working environment
• Private insurance (Generali) for staff (included spouse and children)
• 15-18 Annual leave per year

Relevant degree or equivalent from a recognized University.

• Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or Certified Information Systems Security Professional (CISSP) are preferred.
• ITIL, ISO27001, and COBIT Certification are preferred. 
• Science & Statistics are an advantage
• With at least 10 years of working experience in a technology risk function, preferably at the managerial level. 
• With significant experience gained in the banking sector and preferably focus in information security, data privacy, risk management, legal, audit, operations, etc. 
• A detail-oriented person with the desire to help business units meet regulatory expectations and improve the organization’s information security and technology risk practices. 
• With proven ability to establish relationships and exert influence at senior levels, regulators, and other external stakeholders. 
• Technical expertise in security-related systems and cyber incident investigation. 
• Proven knowledge of various security frameworks and standards related to IT infrastructure such as network, operating system, databases, and other IT appliances. 
• Experience and/or Technical proficiency in analyzing security threats and vulnerabilities, including the execution of VAPT. 
• Take independent action or proactively create opportunities to resolve or prevent problems in keeping with the role. 
• A strategic thinker with the ability to manage and give leadership to subordinates 
• Strong integrity, independence, robustness, and resilience 
• Sharp business acumen, including the ability to assess risk 
• Strong leadership qualities, excellent interpersonal skill, and analytical skill 
• Demonstrated ability to make appropriate and effective decisions under pressure.