Information Security Officer (Risk Management Department) 

Duties and Responsibilities 

• Managing IT security projects
• Conducting Information Security Awareness sessions
• Assist related teams for implementing IT security controls
• Enforcing and maintaining the organization’s Information security policies & standards
• Gap analyzing and reviewing of security controls implementation for mandatory compliance standards such as PCI DSS, CBM-NET and Swift Mandatory Security Controls, and Western Union Security Requirements
• Review and advice improvements to security technical setups and configuration to ensure compliance with organization policy/standards and regulatory requirements
• Regularly review the effectiveness of security controls such as firewalls (Web, Database), IDS/IPS, VPN, Endpoint protection system, Data Loss Prevention, File Integrity Monitoring and Vulnerability management system, etc.
• Conducting internal vulnerability scanning activities
• Act as Security officer for HSM key ceremonies to comply with PCI PIN standard
• Evaluation of vendors for new security solutions based on organization’s evaluation criteria
• Conducting security assessment for new technical systems before going live to production and critical systems frequently

Requirements 

• B.Tech (IT) / B.E (IT) / Bachelor degree in Computer Science or other equivalent in IT
• Have at least 3 years of working experience in financial industry (Information Security professional certifications is preferable!)
• Good experience or strong knowledge in Information Technology risk management, Threat & Vulnerability management, Employee security awareness program, Security monitoring & Incident management, Physical security, System/Application/Network security, Security operations
• Good interpersonal skill, stakeholder management skill, strong problem solving and analytical skill, decision making skill
• Strong understanding of Information security standards such as PCI DSS, ISO 27000 Series, etc. Technical clarity and understanding of Firewall, VPN, Multifactor Authentication, IPS/IDS, Endpoint Security, Log and Event Management (SIEM), etc
• Proficient in English (Written and Verbal)
• Myanmar Nationality only