Job Description
The job holder is responsible for building, managing, and participating in the development of one of the following areas:
a. IS Practice: Evaluate deployment, develop security solutions / design and test information security / ensure compliance with security standards (of Vietnam and international).
b. IS Administration: Manage and directly participate in administrative activities on identity and access security / network security / endpoint services and data security.
c. IS Engineering: Manage and directly control the implementation of information security policies and standards for applications and infrastructure of Techcombank and its partners and suppliers; ensure compliance with the Business's information security requirements.
d. IS Red team: Manage and directly perform testing attack activities for technology systems to detect vulnerabilities/weaknesses and provide solution guidance.
e. IS Monitoring: Monitor and detect all attack events/incidents as quickly as possible (real time) based on events aggregated from security systems as well as other technology components, then alert relevant departments to investigate and react to the event/incident.

1. Information Security Assurance
- Participate in projects developing and deploying technology to ensure Information Security for systems to be built, including the stages of analysis, building Information Security requirements, Information Security design, threat modeling, source code review, testing, and building controls to ensure Information Security.
- Research and develop the information security solutions needed to prevent Information Security attacks and incidents, and ensure security and safety for the entire information system of the Business.
- Coordinate with the Information Security supervisory department in handling information security incidents.
- Set up and monitor the implementation of TCB's information security processes, regulations, standards, guidelines and policies in accordance with the regulations of the government and international organizations.
- Implement and maintain compliance with the international standards PCI-DSS, ISO, SWIFT CSP.
- Implement and maintain compliance with TCB's policies and with circulars and regulations of the State Bank.
- Regularly perform compliance and integrity checks of the security policy configuration in TCB's internal systems to detect violations or insider attacks.
- Coordinate with Compliance Assessment and Risk Management units to assess the compliance of technology systems according to policies, regulations, standards, processes, and checklists.

2. Information Security Red team
- Implement the strategy to ensure information security:
  + Participate in the implementation of the Information Security strategy by providing input data on attack trends, forms of exploitation and risks arising in each period.
  + Participate in the implementation of the annual information security implementation plan, and meet the business and operational needs of the bank through information security testing programs for the technology activities of the Business.
  + Develop penetration testing methods, information security scanning scripts and security checks according to international standards such as OSSTMM, SANS and OWASP.
  + Develop new techniques, exploit scripts and programs for automated penetration testing.
- Perform test attack activities:
  + Directly perform vulnerability detection review and vulnerability assessment, and conduct penetration/exploit testing periodically or at the request of the Block leader for all systems/applications; perform penetration testing for a system/application after live detection or whenever it undergoes a major change. Testing methods must be practical and cover both technical (technology) and non-technical (people, processes, physical assets) aspects. From there, enable the CISO and other Information Security departments to put in place programs to deal with system weaknesses that can be exploited.
  + Perform regular vulnerability scans and information security checks to find vulnerabilities in the system and provide remedial solutions; support maintaining compliance with world security standards such as PCI-DSS, ISO27001, CSP (SWIFT).
  + Develop and manage the vulnerability management program and threat intelligence database. Collect and track metrics, and analyze trends on cyber defenses, threats, detected attacks, vulnerabilities, and countermeasures/preventions.
  + Actively research and find new vulnerabilities, exploitation techniques and cyber threats; identify trends in cybersecurity involving tactics, techniques, and processes, and targeting for malware development and deployment.
  + Directly participate in drills of the Information Security incident response plan as the attack unit, and in actual Information Security incidents as the response team. Coordinate and provide expert cyber defense engineering skills to resolve cyber attack incidents.

3. Information Security Administration
- Build/adjust and implement the MTPQ of systems.
- Develop requirements and measures to control access and protect the Business's data.
- Develop, maintain and optimize information security policies/rules/configurations for information security solutions such as: identity and access management solutions (PAM, IAM…); network security solutions (Firewall, NAC, APT, NetIPS, DDOS...); endpoint security solutions (AD GPO, HIPS/HFW, Appcontrol, Web/mail filtering, DB security…); data security solutions (DLP, FAM...).
- Assess, evaluate, review:
  + Enforcement of decentralization, ensuring compliance with the decentralization matrix.
  + The issuance and withdrawal of privileged accounts and digital certificates on technology systems.
  + Exception requests related to identity and access rights on technology systems.
  + Change requests on information security assurance solutions.
- Risk management and compliance:
  + Identify risks of the department in the course of operation, ensuring compliance with the processes and regulations of the Business. Coordinate with relevant units to handle risks.
  + Perform risk treatment activities according to reports of internal/external audit departments.
Job Requirements
Qualification:
- Graduated in IT, Computer Science or Telecommunications
- Foreign language: English: Level 1 – TOEIC under 550
- Certificates in information security such as OSCP, PCI DSS assessment implementation certificate, ISO
- Having ISC2 SSCP security certificates is an advantage
- Having certificates from companies providing security solutions such as Microsoft/Cisco/PaloAlto/Checkpoint/Cyberark/Sailpoint…
- Having certificates in information security such as SANS SEC660, SEC760, SANS SEC642, SANS SEC575, OSCE, OSCP

Experience:
- Experience in performing security testing in financial / service / telecommunications organizations for 5 years or more. The experience includes the following aspects:
  + Research, design, implement and evaluate Information Security for systems and applications
  + Implement PCI-DSS, ISO, SWIFT CSP... Participate in the development and control of compliance with security standards for IT systems
- Experience in performing security testing in financial / service / telecommunications organizations. The experience includes the following aspects:
  + Experience in researching security holes, developing attack techniques/tools, and performing attack testing of technology systems by technical and non-technical measures
- Having in-depth experience in implementing, managing, and operating policies, rule sets, and information security configurations in at least one of the following areas at financial/service/telecommunications organizations (5 years):
  - Security solutions for access identity management (PAM, IAM...);
  - Network security solutions (Firewall, NAC, APT, NetIPS, DDOS...);
  - Security solutions for terminals (AD GPO, HIPS/HFW, Appcontrol, Web/mail filtering, DB security...);
  - Data security solutions (DLP, FAM...).
- Experience in information security assessment according to the Agile method
Employment type
Full-time
Salary
Negotiable