Head of IT Security and Compliance
Job Responsibilities
- Responsible and accountable for establishing and maintaining the policies and procedures of the information security program to ensure that bank information and assets are adequately protected, and for ensuring consistency with the regulatory and compliance requirements of the bank and NBC. This includes, but is not limited to, PCI, NIST, ISO, ITIL and CobiT.
- Regularly review and update security policies, procedures, practices, awareness training programs and standards related to the security of information technology systems, infrastructure, applications, and voice and data communications within the bank, including employee, vendor and customer use of and access to banking systems and infrastructure.
- Evaluate, choose, adapt and drive the implementation of security standards and the risk management program to ensure the integrity, confidentiality and availability of the bank's systems and data.
- Regularly review, update, develop and test the disaster recovery policy and procedure to ensure that bank services are recovered in the event of a declared disaster.
- Responsible for identifying, evaluating and reporting on information security risks to all levels of the bank.
- Responsible for monitoring intrusion detection/prevention, log, user and system behavior analytics, virus, malware, data loss prevention, forensics, and event monitoring systems.
- Regularly review, update, train on and test the security awareness training program for all staff levels in the bank.
- Coordinate the performance of internal and external network and system vulnerability assessment and penetration tests.
- Report quarterly to the RMC on cyber security, incidents, and security testing results.
- Other duties as assigned.
Job Requirements
- Bachelor’s degree in IT or equivalent.
- Minimum of 5 years’ experience in a combination of risk management and information technology security.
- Demonstrated understanding of technology trends and developments in the areas of information security and application, app, web and cloud technology security risk.
- Knowledge and direct experience with ISO 27002, NIST, ITIL and CobiT.
- Knowledge of IT technology including ISO/IEC, LAN/WAN architectures, SD-WAN, RADIUS, firewalls, SSO/SAML, SaaS/Cloud, SDLC, Microsoft, Oracle and open-source technology.
- Knowledge and direct experience with vulnerability management, SIEM, log management, proxy servers, DLP, IPS/IDS, VPN, multi-factor authentication, cryptography…
- Strong analytical and problem-solving skills.