Hồ Chí Minh | Security Risk & Compliance Manager

Accountabilities:

1. Security Governance

• Establish and maintain a comprehensive security governance framework.
• Develop and enforce security policies, procedures, and controls.
• Ensure compliance with industry standards and regulations.
• Collaborate with stakeholders to promote security awareness and best practices.

2. Policies & Controls

• Create, update, and manage security policies and controls.
• Ensure consistent application of security policies across the organization.
• Conduct regular reviews and updates to policies to reflect evolving threats and compliance requirements.
• Ensure policies contain key controls and verify these controls with Group IT and local BUs.
• Cooperate with finance for executing the controls using their tooling.
• Cooperate with QA for storing policies using their tooling.

3. Risk Management

• Identify, assess, and manage security risks across IT and business environments.
• Develop risk mitigation strategies and action plans.
• Perform regular risk assessments and audits to ensure compliance with risk management policies.
• Align with the business on risks and important topics such as IT continuity and disaster recovery.

4. 3rd Party Risk Management

• Assess and manage risks associated with third-party vendors and partners.
• Ensure third-party security practices align with organizational policies and standards.
• Establish and maintain third-party risk management procedures and controls

5. Exception Management

• Manage and document security exceptions and deviations from established policies.
• Ensure proper approval and tracking of exceptions.
• Develop strategies to minimize exceptions and improve compliance.

6. Dashboarding & Metrics

• Develop and maintain a comprehensive reporting dashboard that includes operational security, compliance, and risk management sections.
• Provide regular reporting on security posture and compliance status to senior management.
• Develop and periodically deliver a security dashboard with outcome-driven compliance and risk metrics. Aim to achieve near real-time reporting capabilities over time.
• Utilize metrics to drive continuous improvement in security practices.
• Perform hands-on tasks to determine what should be included in the operational security section of the dashboard.
• Act as the owner of the reporting dashboard, ensuring its accuracy and relevance.

7. Audit

• Conduct internal audits to verify compliance with security policies and standards.
• Collaborate with external auditors and regulatory bodies during compliance audits.
• Develop and implement corrective actions based on audit findings.

8. Project Participation

• Participate in security-related projects as a Subject Matter Expert (SME).
• Help in the design of controls and/or requirements for SOC use cases.
• Assist in Business Impact Analyses (BIA) and risk assessments.

Job Requirements:

1. Qualifications

• Bachelor's degree in Computer Science, Information Technology, or a related field.
• Master's degree preferred. · Relevant certifications such as CISSP, CISM, or CRISC are highly desirable.

2. Experience

• Minimum of 8 years of experience in security risk management and compliance.
• Extensive knowledge of governance frameworks, including NIST, ISO27001, and other relevant standards.
• Proficiency in developing and managing security policies, controls, and risk management processes.

3. Competencies

• Strong analytical and problem-solving skills, with the ability to assess complex security scenarios and develop effective solutions.
• Excellent communication skills, both written and verbal, with the ability to convey technical concepts to non-technical stakeholders.

4. Language(s)

• Fluency in English, both speaking and writing, as communication with teams across our global organization is required.

5. Other Requirements

• Full-time position based at any Global hub location, such as Asia or Africa.
• Occasional travel may be required for collaboration with global IT teams and participation in security conferences and workshops.