Information Security Lead

VUS
189 Nguyễn Thị Minh Khai, District 1, Ho Chi Minh
22 days ago

Job Description

Position Objective:

An Information Security Lead is required to manage and deliver risk assessments for suppliers and enterprise-wide projects. The role focuses on delivering high-level risk assessments as well as overseeing lower-level risk activities.


Responsibilities:

Key duties and responsibilities include, but are not limited to, those listed below:

  • Lead and manage high, medium and low risk assessments for both suppliers and projects.
  • Perform technical project and supplier risk assessments.
  • Ensure projects comply with the company’s information security policies.
  • Consult with stakeholders on key controls and security requirements.
  • Consult on remediation plans once risk assessments have been conducted.
  • Act as the main point of contact for all risk assessment and remediation.

Strategic Support

  • Work with managers to build on an existing information security program and ongoing security projects that address information security risks and compliance requirements.
  • Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing the managers with a realistic overview of risks and threats in the enterprise environment.
  • Lead the preparation of institutional Information Security audits.
  • Monitor and report on compliance with security policies, as well as the enforcement of policies across the VUS Campuses.
  • Evaluate compliance with stakeholder requirements, including responding to requirement specifications from potential funders such as research councils and government departments.
  • Evaluate and update new and existing policies and procedures to ensure operating efficiency and regulatory compliance.
     

Architecture / Engineering Support

  • Consult with IT colleagues to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software as part of Privacy by Design and Default.
  • Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
  • Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
  • Develop a strong working relationship with the Application, Infrastructure and IT Support teams to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.

Operational Support

  • Manage and coordinate operational components of security incident management, including detection, response and reporting.
  • Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
  • Manage security projects and provide expert guidance on security matters for other IT projects.
  • Evaluate requests for exceptions to policies, ensuring sufficient mitigating controls are in place.
  • Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.

Liaison & Networking – Information Security Liaison

  • Provide information security communication, awareness and training to the appropriate VUS staff and students.
  • Engage effectively with appropriate external networks and external professional bodies.

Other duties

  • Stay abreast of regulatory changes including cybersecurity developments and their impact on IT requirements, including relevant data privacy requirements.
  • Continuously improve processes and implement tools for policy management.

Your Skills and Experience

  • Age: 25-35
  • Bachelor’s degree in computer science or a related field, or related experience.
  • Essential criteria: degree or equivalent qualification in information systems security or a related technical discipline, or relevant experience.
  • Desirable: Certified Information Systems Security Professional (CISSP).
  • Proven experience in an information security role including experience of developing Information Security policies and plans.
  • Working knowledge of the Data Protection Act (1998) and the incoming General Data Protection Regulation (GDPR).

Why You'll Love Working Here

  • Friendly and dynamic working environment.
  • English scholarships for yourself & your family (up to 100% tuition support).
  • Take part in many exciting projects, develop young talent in the team and become a key member of the organization.
  • Company trip, Team building.
  • 13th month bonus, KPI Bonus.
  • Personal Healthcare.
  • Other attractive benefits will be discussed further in the interview.

Your English - Your Future