An Exciting Opportunity for ...
The duties & responsibilities of the Assistant Vice President (Information Security Officer) under the Risk Management Department are as follows:
- Assist in the planning of information security-related matters and monitor & supervise compliance with international security regulations
- Overseeing information security, IT risk management programs and risk management frameworks, and administering IT security solutions
- Managing IT security projects
- Conducting Information Security Awareness sessions
- Enforcing and maintaining the organization’s Information security policies & standards
- Performing gap analysis and reviewing the implementation of security controls for mandatory compliance standards such as PCI DSS, CMB-NET, SWIFT Mandatory Security Controls, and Western Union Security Requirements
- Review and advise on improvements to security technical setups and configurations to ensure compliance with organization policy/standards and regulatory requirements
- Regularly review the effectiveness of security controls such as firewalls (Web, Database), IDS/IPS, VPN, Endpoint protection system, Data Loss Prevention, File Integrity Monitoring and Vulnerability management system, etc.
- Conducting internal vulnerability scanning activities
- Act as Security Officer for HSM key ceremonies to comply with the PCI PIN standard
- Conducting security assessments for new technical systems before they go live in production, and for critical systems frequently
- Identify, assess and provide response plans for technology/information risks
- Track, monitor and respond in a timely manner to security threats and incidents via the SIEM system, according to predefined policies and procedures
- Continually research the latest information security news/forums and apply required controls to the bank’s policies, processes and technologies
- Administering and reporting on endpoint security to guard against PC/server virus infection and for data leak prevention
- Configuring, fine-tuning, monitoring and managing Cloud WAF/DDoS protection, Endpoint security, File integrity monitoring, SIEM systems, etc.
- Monitoring and reporting Opex/Capex for Information Security systems