Information Security Specialist

I. Job Purpose:Participate in and directly carry out: defining security requirements and designing information security for systems and applications; performing penetration testing; deploying and enhancing systems and applications in use or under development with the goal of strengthening information security capabilities and promptly identifying potential vulnerabilities to propose remediation measures.Manage and implement information security standards at Techcombank in compliance with Vietnamese and international security regulations.Establish and maintain compliance with information security policies and regulations. Timely address risks to ensure the overall information security of the bank.II. Key Accountabilities:1. Information Security Responsibilities: • Join development and technology deployment projects to ensure security throughout the system lifecycle, including: security requirement analysis, secure design, threat modeling, source code review, security testing, and implementation of appropriate security controls. • Research and develop information security solutions to prevent cyber-attacks and incidents, ensuring safety and security across the bank’s entire information system. • Collaborate with the Security Monitoring team to participate in incident response and resolution. • Establish and oversee the implementation of information security processes, regulations, standards, guidelines, and policies in line with government requirements and international best practices. • Implement and maintain compliance with international standards such as PCI-DSS, ISO, SWIFT CSP. • Ensure ongoing compliance with internal Techcombank policies and with circulars and regulations issued by the State Bank of Vietnam. • Regularly audit the configuration and integrity of internal security policies and systems at TCB to detect violations or potential insider threats. • Coordinate with Compliance Assessment and Risk Management units to evaluate the system’s compliance with policies, regulations, standards, procedures, and checklists.2. Other Responsibilities: • Design and deliver security awareness and training programs for bank staff. • Research and apply information security standards and frameworks suitable for the banking environment. • Perform other duties as assigned by management.