Regional ISO Engineer

    • Open to Vietnamese willing to relocate
    • Relocation package is sponsored

    JOB PURPOSE

    This role will be a combination of the ISO role and the PCI role.
    The Information Security Officer (ISO) is assigned to the Security Assurance Manager. The ISO has overall responsibility for the effective implementation and maintenance of the Information Security Management System (ISMS). Furthermore, the ISO oversees the fulfilment of Information Security requirements in all services. The scope of the ISO covers several Business Units (usually all or part of the Europe, Americas or APAC regions). The PCI Compliance Officer is assigned to the Security Assurance Manager. The PCI Compliance Officer provides advice on compliance matters related to Payment Card Industry standards/frameworks.

    JOB DESCRIPTION
    1. ISO

    • Each Information Security Function shall be responsible for oversight of the related ISMS activities, risk identification and assessment, prevention and advice with respect to the Information Security Risk areas of the local company and of the services provided to customers.
    • The function is responsible for the effective implementation of Information Security principles. This includes promptly reporting matters to the IS Function.
    • In case of conflict of interests, the ISO shall refer a matter to the Security Assurance Manager and ultimately to the company.

    2. PCI

    • Define and help manage the PCI DSS program
    • Evaluate compliance against IT security policies, functional rules, controls and Payment Card Industry standards
    • Drive a distributed annual subsidiary assessment exercise 
    • Manage vendors that support PCI engagements (scoping, assessments, consultations, etc.) 
    • Manage non-planned PCI-related inquiries and provide/coordinate unified guidance to subsidiary and Amazon service teams 
    • Provide consultancy on PCI requirements, deliver recommendations and risk interpretations in a clear, concise and audience specific format.

    JOB REQUIREMENTS

    • Bachelor's degree or higher in Computer or related fields.
    • Recognized Information Security Certifications, e.g. CISSP, CISM, CRISC or ISO27001 Lead Auditor preferred
    • Experience with internal controls, risk assessments, business process and internal IT control testing or operational auditing 
    • Information Security experience related to risk management, controls assurance & compliance programs 
    • Previous experience creating and/or performing review and gap analysis of information security policies and standards against cybersecurity frameworks 
    • Related security control and compliance experience in various frameworks including: PCI DSS, PCI PA-DSS, PCI PTS, GLBA, NYDFS, ISO, NIST, etc. 
    • Excellent interpersonal, oral, and written communication skills in English

    Interested candidates can contact Ms. Huong Nguyen via: huong.nguyen@employmentvietnam.com for further information.
