1 Apr 2025

Senior Manager, Information Security (40001091)

Category:  Technology Division
Job Type: 
Facility:  Technology

Job Purpose

The Job Holder:
- Manage all activities of the Information Security Administration Department to ensure the security of identity and access, network, terminal equipment and data of the bank.
- Develop strategies and direct the implementation of information security management strategies in line with the common technology strategy of the Technology Division and the Bank.

Key Accountabilities (1)

1. Develop strategy and action plan
- Develop an information security management strategy and orient the operation of the information security management department.
- Develop the department's annual action plan to meet the business and operational needs of the bank.
- Participate in developing/advising on the general strategy of the information security unit.

Key Accountabilities (2)

2. Managing the operation of functional departments
Responsible for guiding, assigning, checking, monitoring and adjusting the activities of functional departments, including:
- Activities of building/adjusting and implementing MTPQ of systems.
- Development of requirements and measures to control access and protect the bank's data.
- Activities of building, maintaining and optimizing security policies/rules/configurations for security solutions such as: Security solutions for access identity management (PAM, IAM...); Network security solutions (Firewall, NAC, APT, NetIPS, DDOS...); Terminal security solutions (AD GPO, HIPS/HFW, Appcontrol, Web/mail filtering, DB security...); Data security solutions (DLP, FAM...).
- Activities of appraising, evaluating and reviewing the implementation of decentralization to ensure compliance with the decentralized matrix.
- Activities of appraisal, evaluation and review of the issuance and revocation of privileged accounts and digital certificates on technology systems.
- Activities of appraisal, assessment and review of exception requirements related to identity and access rights on technology systems.
- Activities of appraisal, assessment and review of change requirements on security assurance solutions.

3. Risk management and compliance
- Identify risks of the department during operation, ensure compliance with the bank's processes and regulations. Coordinate with relevant units to develop methods of measuring, assessing and mitigating risks.

Key Accountabilities (3)

PEOPLE MANAGEMENT
- Attract, onboard and retain the right talents for a high-performing team.
- Communicate team and individual KRAs/KPIs, goals, action plan, expectations and results to team members.
- Manage team performance and provide feedback regularly (following the annual performance management cycle).
- Enable team members' professional and personal development through capability assessment, training, coaching and feedback, etc.
- Motivate and recognize team members' contributions towards the team's shared goals.
- Responsible for developing talents within the team.
- Act as a role model and promote corporate culture at sub-function level.
- Understand & communicate relevant HR offerings to team members.

Key Relationships - Direct Manager

CISO

Key Relationships - Direct Reports

The department's 20 members, organized into:

  • Network security team
  • Identity team
  • Endpoint & DB security team

Key Relationships - Internal Stakeholders


Other related departments in the bank

Key Relationships - External Stakeholders

Information security solutions/services companies, quick incident response organizations, etc.

Success Profile - Qualification and Experiences

Qualification:
- University degree in IT or electronics or telecommunications or related fields
- Security certificates such as ISC2 SSCP or CISSP are an advantage
- Certificates from companies providing security solutions such as Microsoft/Cisco/PaloAlto/Checkpoint/Cyberark/Sailpoint…
- Foreign language: English according to TCB criteria from time to time
Experience:
- 8+ years of experience in information security management in financial / service / telecommunications organizations. The experience includes the following aspects:
- Management role in the field of information security management (04 years or more)
- Experience in research, design and implementation in the field of information security in the following areas: Network security, terminal security, identity and access, data security (06 years or more)
- Agile product development experience
