Information Security Lead

189 Nguyễn Thị Minh Khai, District 1, Ho Chi Minh
22 days ago

Job Description

Position Objective:

An Information Security Lead is required to manage and deliver risk assessments for suppliers and enterprise-wide projects. The role will be focused on delivering high-level risk assessments as well as overseeing lower-level risk activities.


Key duties and responsibilities include, but are not limited to, those listed below:

  • Lead and manage high, medium and low risk assessments for both suppliers and projects.
  • Perform technical project and supplier risk assessments.
  • Ensure projects comply with the company’s information security policies.
  • Consult with stakeholders on key controls and security requirements.
  • Consult on remediation plans once risk assessments have been conducted.
  • Act as the main point of contact for all risk assessment and remediation.

Strategic Support

  • Work with managers to build on an existing information security program and ongoing security projects that address information security risks and compliance requirements.
  • Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing the managers with a realistic overview of risks and threats in the enterprise environment.
  • Lead the preparation of institutional Information Security audits.
  • Monitor and report on compliance with security policies, as well as the enforcement of policies across the VUS Campuses.
  • Evaluate compliance with stakeholder requirements, including responding to requirement specifications from potential funders such as research councils and government departments.
  • Evaluate and update new and existing policies and procedures to ensure operating efficiency and regulatory compliance.

Architecture / Engineering Support

  • Consult with IT colleagues to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software as part of Privacy by Design and Default.
  • Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
  • Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
  • Develop a strong working relationship with the Application, Infrastructure and IT Support teams to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.

Operational Support

  • Manage and coordinate operational components of security incident management, including detection, response and reporting.
  • Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
  • Manage security projects and provide expert guidance on security matters for other IT projects.
  • Evaluate requests for exceptions to policies, ensuring sufficient mitigating controls are in place.
  • Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.

Liaison & Networking – Information Security Liaison

  • Provide information security communication, awareness and training to the appropriate VUS staff and students.
  • Engage effectively with appropriate external networks and external professional bodies.

Other duties

  • Stay abreast of regulatory changes including cybersecurity developments and their impact on IT requirements, including relevant data privacy requirements.
  • Continuously improve processes and implement tools for policy management.

Your Skills and Experience

  • Age: 25-35
  • Bachelor’s degree in computer science or related field or related experience.
  • Essential criteria: Degree or equivalent qualification in information systems security or a related technical discipline, or relevant experience.
  • Desirable: Certified Information Systems Security Professional (CISSP).
  • Proven experience in an information security role including experience of developing Information Security policies and plans.
  • Working knowledge of the Data Protection Act (1998) and the incoming General Data Protection Regulation (GDPR).

Why You'll Love Working Here

  • Friendly and dynamic working environment.
  • English scholarships for yourself & your family (up to 100% tuition support).
  • Take part in many exciting projects, develop young talent in the team and become a key member of the organization.
  • Company trips and team building.
  • 13th month bonus, KPI Bonus.
  • Personal Healthcare.
  • Other attractive benefits will be discussed further in the interview.

Your English - Your Future