(Senior) Security Auditor

Responsibility Overview:
Security Risk Management:

Lead periodic Information and Communication Protection (ICP) and Business Continuity Planning (BCP) tests.
Coordinate the regular updating and enhancement of VNG&039;s Information Security Management System (ISMS) documentation.
Safeguard the compliance of in- scope departments with established ISMS rules and regulations.
Assess and manage vendor profiles in accordance with our third- party risk management framework.
Create, manage, and update security awareness training programs to promote a culture of safety.

Information Security (IS) Processes:

Collaborate with team leaders to develop, review, and refine comprehensive information security processes.
Supervise and ensure the successful implementation of IS processes across relevant departments.

Universal IS Risk Management:

Maintain and annually update VNG&039;s universal IS risk management framework.
Identify, analyze, and implement treatment plans for various security risks.
Ensure the Risk Portal adequately supports key users.
Regularly review and update control effectiveness, non- conformity, and risk reports.

Compliance Management:

Collaborate with technical departments to implement certificates&039; requirements.
Support the Leader in implementing data governance and management programs.
Assist VNG&039;s products in acquiring IS- related certificates, such as ISO 27001, PCI DSS, etc.
Conduct regular IT Internal Audits, including planning, executing, and reporting on findings.

Qualifications and Skills:
Information Systems:

Understanding of architecture, including systems, network, and data.
Proficient in business statistics and its application in data analysis and analytics projects.
Demonstrated project management capabilities, with the ability to manage personal tasks and those of associates.
Proven business analysis skills.

Information Security:

Proficient understanding of operating systems, including Linux distributions and Windows.
Previous experience with Python usage.
Familiarity with network infrastructure.

Governance, Risk, and Compliance (GRC):

Ability to develop security policies, standards, and guidelines based on best practices and industry standards.
Prior experience and ability to define/enhance information systems auditing, monitoring, controlling, and assessment processes.
Understanding of security standards/regulations like PCIDSS, ISO27000 series, etc.

Interpersonal Skills:

Proactive and possess critical thinking and problem- solving skills.

Experience:

At least 4 years of experience working in Information Systems, Business Analysis, GRC, or IT consulting.

Laptop, Chế độ bảo hiểm, Du Lịch, Phụ cấp, Chế độ thưởng, Chăm sóc sức khỏe, Đào tạo, Tăng lương, Nghỉ phép năm, CLB thể thao

Cập nhật gần nhất lúc: 2023-12-09 02:40:18