Assistant Vice President, IT Security VN

• Define and implement the bank’s IT security strategy, policies, and frameworks.
• Oversee IT Security Governance, ensuring compliance with regulatory and internal standards& policies.
• Lead Security Operations to implement relevant tools/reports to monitor, detect, and respond to cybersecurity threats and incidents.
• Manage security risk assessments, vulnerability management, and penetration testing of day to day on going development.
• Coordinate with other departmens within D&T and other division such as Risk, business units,.. to embed security in practice and system changes.
• Report cybersecurity posture and risks to senior management and relevant committees.

• Bachelor's Degree in the relevant discipline (Software Engineering/Computer Science/ etc.)
• Master Degree in Software Engineering/Computer Science would be a plus

• CISSP, Google Cloud Cybersecurity Professional certificates would be a big plus

• Minimum 7 years of working experience, with at least 5 years of working experience in multiple Security domains (Security Governance, DevSecOps, Security Operation,…
• Experience working in Thread Hunting for large Security Company is a big plus
• Minimum 3 year experience in team management

 

Technical/Functional skills

• Strong knowledge of cybersecurity frameworks (e.g. ISO 27001, NIST, CIS Controls) and regulatory compliance (e.g. SBV Circular 09, 50, 13, GDPR, PCI-DSS).
• Proven experience in managing Security Operations Center (SOC), threat detection, incident response, and SIEM platforms.
• Expertise in network security, firewalls, intrusion detection/prevention systems (IDS/IPS), and endpoint protection, hands-on experience with endpoint detection & response (EDR), network IDS/IPS, and log management.
• Experience with identity and access management (IAM), encryption, and data loss prevention (DLP) solutions.
• Familiarity with secure software development practices, DevSecOps, and source code vulnerability management.
• Proficiency in conducting risk assessments, security audits, and defining technical security architecture.,
• Having Google Cloud Cybersecurity Professional would be big plus.

Personal skills (Soft Competencies [Core/Leadership])

• Excellent stakeholder management and communication—able to present policy to both technical teams and senior management.
• Rigorous attention to detail and a methodical, compliance-driven mindset.
• Ability to influence without authority and drive policy adoption.
• Team coaching 

With operations that span 15 different markets across the region, the opportunity to expand your experience, test your capabilities, and exhibit your resilience is ample.  #teamCIMB  is always keen to welcome the ones who are ready to make that very special difference – for themselves and the bank.