The duties & responsibilities of Assistant Vice President (Information Security Officer) under Risk Management Department as follows:

- Assist in the planning of information security related matters and monitor & supervise compliance with international security regulations
- Overseeing information security, IT risk management programs and risk management frameworks and administer of IT security solutions
- Managing IT security projects
- Conducting Information Security Awareness sessions
- Enforcing and maintaining the organization’s Information security policies & standards
- Gap analyzing and reviewing of security controls implementation for mandatory compliance standards such as PCI DSS, CMB-NET and Swift Mandatory Security Controls, and Western Union Security Requirements
- Review and advice improvements to security technical setups and configuration to ensure compliance with organization policy/standards and regulatory requirements
- Regularly review the effectiveness of security controls such as firewalls (Web, Database), IDS/IPS, VPN, Endpoint protection system, Data Loss Prevention, File Integrity Monitoring and Vulnerability management system, etc
- Conducting internal vulnerability scanning activities
- Act as Security officer for HSM key ceremonies to comply with PCI PIN standard
- Conducting security assessment for new technical systems before going live to production and critical systems frequently
- Identify, assess, provide response plans for technology/information risks
- Track, monitor and timely respond to security threats and incidents via SIEM system and according to predefined policy and procedures
- Always research latest information security news/forums and apply required controls to bank’s policies, processes, technologies
- Administering and reporting End point security, to against PC/Servers virus infection, data leak prevention
- Configuration, fine-tuning, monitoring, managing Cloud WAF/DDoS protection, Endpoint security, File integrity monitoring, SIEM systems, etc
- Monitoring and reporting Opex/ Capx for Information Security systems

- Graduate with major in Information Security or related to IT field will be advantageous
- Information security experience in financial or telecommunication industries
- Good experience or strong knowledge in Information Technology Risk Management, Threat and Vulnerability management, Employee security awareness program, Security Monitoring & Incident Management, Physical Security, System/Application/Network Security and Security operations
- Effective communication and interpersonal skills
- Strong problem solving and analytic skill
- Strong understanding of security standards such as PCI DSS, ISO 27000 Series, etc.
- Technical clarity and understanding of Firewall, VPN, Multifactor Authentication, IPS/IDS, Endpoint Security, Log and Event Management (SIEM), etc.