Việc làm này đã được thêm vào mục Việc làm đã lưu.
Bạn đã lưu tối đa 20 việc làm. Nếu bạn muốn lưu mới, hãy cập nhật Việc làm đã lưu.
3 Lý do để gia nhập công ty
- Big chance to build Fintech system, large data
- International & English environment
- Apply new Tech-Stack, Technology and more
Mô tả công việc
About Timo
Launched in 2015, Timo pioneered digital banking in Vietnam with a mission to make banking faster, simpler, and more accessible.
Today, as part of one of Southeast Asia’s leading digital financial services platforms, Timo is building secure, scalable, and customer-first digital banking experiences for millions of users across Vietnam.
We are looking for curious minds and driven talents from fintech, digital banking, and technology companies who are excited to move fast, build meaningful products, and help shape the future of banking in Vietnam.
About the Role
We are looking for a Senior IT GRC to assist in driving a robust Governance, Risk, and Compliance framework across Timo and Kredivo Group.
In this role, you will operate at the intersection of security governance, risk mitigation, and regulatory alignment. You will be responsible for promoting our information security framework, ensuring all products, systems, and third-party partnerships meet the highest international and local security regulations. Working closely with Timo's IT, engineering, and business stakeholders, you will drive systemic security resilience, conduct critical audits, and establish continuous feedback loops to protect Timo's digital banking platform and its customers.
You will report to the Infosec Lead.
What You Will Do
- Regulatory Compliance Management: Continuous monitoring and compliance maintenance with rigid Vietnamese Banking and Personal Data Protection regulations.
- Audit & Assessment Coordination: Lead, coordinate, and respond to at least annual cycles of strict internal and external audits—including regulatory inspections and critical compliance assessments.
- Governance & Policy Monitoring: Conducting regular policy compliance monitoring, internal control reviews, and governance structural updates across entities; continuously updating and refining internal policies, procedures, and standards to ensure strict regulatory compliance.
- International Standards Maintenance: Prepare evidence and drive annual assessments to maintain the PCI DSS Level 1 Standard certification.
- Identity & Access Governance: Leading the comprehensive User Access Review (UAR) program applications across internal and external core systems.
- Third-Party Risk Management (TPRM): Conducting comprehensive risk assessments and mitigation plans for all vendors and third-party partners.
- Security Culture: Driving and planning security awareness training across all business, technical units.
Why Join Us
- Help defend and govern one of Vietnam's leading digital banks and the customers who trust it.
- Work as part of Kredivo Group's regional security team (Vietnam, Indonesia, Singapore).
- Hands-on GRC and security resilience work across a real, large-scale fintech environment.
- Hybrid model: 4 days HCMC office, 1 day work from home.
Yêu cầu công việc
What We Are Looking For
Experience
- 3+ years of hands-on experience directly related to IT Security Governance, Risk, and Compliance (GRC).
- Proven track record of participating in or leading the implementation and assessment of international governance frameworks (PCI-DSS, ISO-27001).
- Experience operating in highly regulated, production-scale environments (Fintech, Banking, or Digital Services).
- Comfortable collaborating with cross-functional stakeholders, software engineers, and external third-party entities.
Skills & Expertise
- Frameworks & Methodologies: Deep, practical knowledge of GRC frameworks, security audit methodologies.
- Security Controls Familiarity: Strong fundamental knowledge of network security, IAM (Identity and Access Management), and enterprise security tools (Antivirus, Firewalls, SIEM, IDS/IPS, Cloud Security) to effectively review system configurations and access controls.
- Vendor Risk Assessment: Strong capabilities in defining, evaluating, and managing third-party security baselines.
- Professional Working English: Regular collaboration with Kredivo's regional Team and Timo's local teams.
Attributes
- Highly Responsible & Proactive: You don't wait for compliance gaps to be found; you actively collaborate to strengthen defenses.
- Pragmatic Communicator: You can translate complex security regulations and risk metrics into actionable steps for engineers and business leaders alike.
- Analytical & Structured: Exceptional attention to detail when conducting system-access audits and reviewing security policies.
Bonus Points
- Possession of professional security/auditing certifications: CRISC, CISA, CISM, CISSP, CGRC or equivalent.
- Prior experience navigating SBV (State Bank of Vietnam) and MPS regulatory requirements for digital banking.
- Experience in Cloud Environments and automated GRC workflows.
Tại sao bạn sẽ yêu thích làm việc tại đây
Our deliverable is a leading software that is changing the way people do banking. You will be proud of your work and you will share with everybody that you helped to build Timo.
You’ll be joining a team of experts who are technically savvy, creative, and who share the intention of reinventing banking in Vietnam. You work closely with international architects and front-end consultants, product managers, and designers to develop the system. You will learn a lot from them.
Company Benefits:
- Full benefits and salary during probation
- Premium health care insurance
- Competitive salary and learning culture
- Other benefits as per stated in Vietnamese Labor Law