Fossil Vietnam

Tóm tắt công việc

• In charge of Security Governance such as Security Audit, Cyber Security Standard & Procedures, Security Awareness Training, Cyber Training Programs... 
• Conduct security risk & assessments and communicate current practices to key stakeholders. Support the creation and management of the security risk management process and build dashboards. 
• Responding to, investigating and remediating any breach and/or potential security issues. 
• Mitigate identified risks / vulnerabilities to an acceptable level. 
• Develop & maintain inventory of the information maps, data, systems, owners. 
• Assist on access review and access controls. 
• Track existing security issues to ensure remediation followed by the development teams. 
• Build Security Awareness Training program, phishing campaign, which includes creation, management and reporting of phishing exercises quarterly. 
• Identify new security issues by staying up-to-date on current security trends. 

• Competitive salary (100% salary during probation)
• Bonus:
  • 13th-month salary paid in December
  • Performance bonus
• Insurance:
  • Social Insurance on full salary starts from probation
  • Premium health insurance for employees and family, even in probation
• Annual leave: up to 15 days/year (and plus Volunteer time off, and plus Summer hours...) Enjoy!
• Gift and Care:
  • Welcome watch after probation
  • Monthly mobile cards: 500,000 VND
  • Silver membership at Getfit Gym & Yoga Center downstairs
  • Free lunch and free dinner 
• All tools you need: Mac/Windows, iOS/Android, Testing devices/State-of-the-art wearables, you name it.
• Opportunities to work with Tech giants, multinational offices and develop yourself through training programs, language classes,...
• Employee engagement activities: From team building, sports competition, Halloween to Christmas to Year-end-parties to the Lunar new year... Yah, we work hard, we play hard!

• Bachelor’s degree in Computer Science, Information Security related field or equivalent work experience.
• At least 2-3 years of experience in cybersecurity practices, in at least one of following domains: IT risk management, IT audit, security operation, security engineering, pentesting, etc;
• Familiar with a variety of the information Risk Management concepts, practices and procedures;
• Knowledge of Cyber Security processes, tools & techniques. Cloud knowledge (AWS, GCP) is a big plus but not required.
• Familiar with security best practices for client-server product architectures, focusing predominantly on cloud-based server development.
• Good technical skills in various tools and environments. Understand Agile, Scrum... and SDLC methodologies and various programming languages.
• Demonstrate good logical thinking and problem-solving skills.
• Good at English in communication skills including oral and written. 

Nice to have 

• Experience with cloud-based security management tools is a big plus.
• Hands-on experience in scripting languages such as Go/ Shell /Python /Perl / Ruby...; is an advantage.
• Having knowledge in CIS, NIST, ISO 27000 family, SOC2, GDPR, PCI-DSS is an advantage.
• Any equivalent certificate is an advantage (CISSP, CISA, CSIM, etc...).