Manager, IT Security, Technology Management VN at CIMB Vietnam

, , Vietnam -

Full Time

Start Date

Immediate

Expiry Date

03 Jun, 26

Salary

0.0

Posted On

05 Mar, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Security Strategy, Security Systems Implementation, Threat Identification, Security Architecture Design, Vulnerability Testing, Risk Analysis, Firewall Management, VPN Management, IDS Scanning, Programming, Policy Definition, Incident Response, Automation, CI/CD, DevSecOps, Infrastructure Security

Industry

Banking

Description

Key Responsibilities * • Develop a complete understanding of a company’s technology and information systems • Design, build, implement and support enterprise-class security systems • Align organizational security strategy and infrastructure with overall business and technology strategy • Identify and communicate current and emerging security threats • Design security architecture elements to mitigate threats as they emerge • Plan, research and design robust security architectures for any IT project • Perform or supervise vulnerability testing, risk analyses and security assessments • Create solutions that balance business requirements with information and cybersecurity requirements • Identify security design gaps in existing and proposed architectures and recommend changes or enhancements• Review and approve installation of firewall, VPN, routers, IDS scanning technologies and servers. • Test security systems to ensure they behave as expected. • Use current programming language and technologies to writes code, complete programming and performs testing and debugging of applications. • Provide supervision and guidance to a security team. • Define, implement and maintain corporate security policies and procedures. • Train users in implementation or conversion of systems. • Respond immediately to security-related incidents and provide thorough remedial solutions and analysis. • Regularly communicate vital information, security needs and priorities to upper management. • Work as part of a team of software and security engineers, with a high degree of freedomto design and build best-in-class offerings. • Point of contact for product teams as it relates to automation, CI/CD, and DevOps and/or DevSecOps. • Build tools and automation scripts that enable developers to easily consume security services delivered by the AppSec team. • Design and test solutions to unique and interesting challenges. • Investigate security breaches and other cyber security incidents. • Document security breaches and assess the damage they cause. • Recommend remediation for security breaches. • To identify and eliminate manual processes using automation for areas involving information security. • Seeking to build in security during the development stages of software systems, networks and data centres. • Looking for vulnerabilities and risks in hardware and software. • Finding the best way to secure the IT Infrastructure of an organization. • Building firewalls into network infrastructures. • Constantly monitoring for attacks and intrusions. • When the cybersecurity specialist finds a potential threat or attempted breach, closing off the security vulnerability. • Identifying the perpetrator and liasing with the police if necessary. Requirements: University degree in fields of Computer Science; Information System Engineer, Management Information System or equivalent required. CCSP, Security+, CKS (Certified Kubernetes Security), ITIL. • Recognised certifications for industry accpeted IT governance standards such as ITIL is an advantage Minimum 5 years working in IT fields with at least 3 yearfrom Information Security. Technical/Functional skills • Experience with infrastructure vulnerability and penetration testing and techniques• Understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts. • Ability to identify and mitigate network vulnerabilities and explain how to avoid them. • Understanding of patch management for servers and end units with knowledge of how patches are deployed and understanding the business impact • Risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies and security attack pathologies • Security Configuration of Windows, Linux, DBMS (MS SQL/MySQL). • Good technical understanding of enterprise IT; web applications, databases, operating systems, server/desktop hardware, mobile devices and networking technologies. • Good knowledge of information security controls, guidelines and standards, ISO, NIST, OWASP • Familiar with regulatory guidelines such as SBV’s Circular 09, Circular 20 Personal skills (Soft Competencies [Core/Leadership]) • Ability to multitask, proactive, build relationships and interact/network effectively with internal and external parties. • Problem solving skills • Flexible and team work With operations that span 15 different markets across the region, the opportunity to expand your experience, test your capabilities, and exhibit your resilience is ample. #teamCIMB is always keen to welcome the ones who are ready to make that very special difference – for themselves and the bank.

Responsibilities

The manager will be responsible for developing a deep understanding of company technology, designing and supporting enterprise security systems, and aligning security strategy with overall business objectives. Key duties include identifying emerging threats, performing risk analyses, reviewing security configurations, and leading the implementation and maintenance of corporate security policies and procedures.