Assistant Manager, IT Security Governance VN at CIMB BANK VIETNAM
Ho Chi Minh City, Ho Chi Minh, Vietnam
Full Time


Start Date

Immediate

Expiry Date

05 Jul, 26

Salary

0.0

Posted On

06 Apr, 26

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

IT Security Governance, Policy Management, Cloud Security, Vulnerability Assessment, Penetration Testing, Identity And Access Management, Firewall Management, Network Hardening, Risk Management, ISO 27001, NIST 800-53, CIS, Stakeholder Management, Agile, CI/CD, Regulatory Compliance

Industry

Banking

Description
Key Responsibilities
* Develop, maintain, and enforce the organization’s information security policies, standards, and guidelines to ensure IT systems and applications comply with security best practices, regulatory requirements, and internal compliance obligations.
* Govern and enforce cloud security controls, baseline configurations, and secure architecture patterns across cloud, on-premise, and hybrid environments.
* Supervise security assessments, including vulnerability assessments, penetration testing, and technical reviews; ensure remediation plans are defined, prioritized, and implemented in accordance with approved policies.
* Manage identity and access management controls, including privileged access, service accounts, and secure authentication mechanisms.
* Review and approve changes to security controls, including firewalls, VPNs, routing configurations, operating system hardening, and IDS/IPS rules.
* Collaborate cross-functionally with technology, operations, and business teams to identify security threats arising from day-to-day operations and propose appropriate security controls and risk mitigation measures.
* Drive a shift-left security approach by embedding security requirements early in Agile delivery, CI/CD pipelines, and infrastructure provisioning lifecycles.
* Review and validate risk assessments conducted by the First Line of Defense to ensure alignment with the organization’s risk appetite and control requirements for IT vendors and partners.
* Act as a key contact for internal audits, external audits, and regulatory inspections; coordinate evidence collection, remediation tracking, and closure.
* Conduct periodic and regulatory reporting to SBV/CIMB Group on security matters.

Job Specification
* Bachelor’s degree in Computer Science, Cybersecurity, Information Technology or a related field.
* 3+ years of hands-on experience in IT security governance, policy management or a comparable role (preferably in banking/financial services).
* Professional certification such as CISSP, CISM, or equivalent is highly desirable.

Technical & Functional Skills
* Deep understanding of network and host hardening, firewall/VPN architectures, and IDS/IPS; hands-on experience using source-code scanning tools.
* Familiarity with vulnerability-assessment frameworks and risk management methodologies (ISO 27001, NIST 800-53, CIS).
* Capability to research and integrate new security solutions into current processes/systems.
* Working knowledge of regulatory guidelines (e.g. SBV Circular 09, 50, 13).
* Experience auditing security controls and reviewing technical change requests.
* Strong analytical skills to interpret risk reports and translate them into clear policy requirements.

Personal skills
* Excellent stakeholder management and communication, able to present policy to both technical teams and senior management.
* Rigorous attention to detail and a methodical, compliance-driven mindset.
* Ability to influence without authority and drive policy adoption.
* Inquisitive approach to new threats and security technologies.

With operations that span 15 different markets across the region, the opportunity to expand your experience, test your capabilities, and exhibit your resilience is ample. #teamCIMB is always keen to welcome the ones who are ready to make that very special difference – for themselves and the bank.
Responsibilities
The Assistant Manager will develop and enforce information security policies while governing cloud security controls and managing identity access. They will also supervise security assessments, coordinate audits, and collaborate with cross-functional teams to mitigate operational security risks.