IT Compliance Auditor (Junior)

Location: Ho Chi Minh City, Vietnam,None,None

Responsibilities

As an IT Compliance Auditor within the IT GRC team (a core sub-team of the Information Security & Data Privacy Department), you will play a critical role in driving risk-informed decisions, maintaining regulatory compliance, and reinforcing our information security governance across the organization.
You will be responsible for conducting security risk assessments, compliance audits, and managing policy and procedures, working closely with InfoSec, HR, Legal, and relevant IT teams. This role will also contribute to third-party risk evaluations, security awareness initiatives, and the tracking of regulatory requirements and commitments. Specifically, you will:

• Compliance Auditing:
  + Periodically evaluate IT process compliance with internal policies and external frameworks (e.g., ISO 27001, PCI-DSS, NIST, CSA).
  + Collect audit evidence, document findings, and prepare detailed reports for the Head of InfoSec and CTO.
  + Track identified gaps, follow up with responsible teams, and monitor remediation status.
  + Maintain a centralized repository of compliance requirements derived from: National laws & regulations; Customer/partner policies; and Industry standards
• Risk Assessment: 
  + Support the development and continuous enhancement of the IT Risk Management Framework and templates aligned with industry standards.
  + Maintain an updated IT risk register capturing: Identified risks and gaps; Business impact and remediation plans; Risk owners and timelines; and Monitor risk treatment plans to ensure timely resolution.
• Security Awareness Training: 
  + Periodically review and update awareness training materials to reflect new threats, updated policies, and best practices.
  + Coordinate with HR and department heads to track training completion and test results.
  + Conduct targeted refresher sessions and promote a culture of security awareness through creative campaigns and communications.
• Third-party Risk Assessment: 
  + Support the implementation of vendor risk management processes, including evaluation of security controls and contract compliance.
  + Respond to security questionnaires from customers, regulators, and partners.
  + Work cross-functionally to gather required documentation and evidence for assessments.
  
  

Requirements

• Bachelor's Degree in Computer Science or related IT field.
• At least 1 year of experience in IT compliance audit and risk assessment.
• Experience or familiarity with security frameworks such as ISO 27001, PCI-DSS, NIST, and CSA.
• Demonstrated capability to communicate within InfoSec team and relevant teams for auditing.
• Basic knowledge for security concepts and best practices on Native clouds, API, Infra as a Code and Container technology.

What we offer

• Competitive compensation package, including 13th-month salary and performance bonuses
• Comprehensive health care coverage for you and your dependents
• Generous leave policies, including annual leave, sick leave, and flexible work hours
• Convenient central district 1 office location, next to a future metro station
• Onsite lunch with multiple options, including vegetarian
• Grab for work allowance and fully equipped workstations
• Fun and engaging team building activities, sponsored sports clubs, and happy hour every Thursday
• Unlimited free coffee, tea, snacks, and fruit to keep you energized
• An opportunity to make a social impact by helping to democratize credit access in emerging markets

About us

We are an AI Fintech company specialized in assessing credit profiles of consumers in emerging markets combining pioneering AI with large alternative data sources. In 2020 we reached our ambitious milestone of credit profiling 1bn consumers spanning 4 countries - Vietnam, Indonesia, India & the Philippines - and building a platform for the wider industry and the financial services industry in particular to provide the 'un & under' served access to credit. At the core of this initiative has been our strict and unwavering adherence to the norms of consumer data privacy and consumer data rights.

But we're not satisfied as we embark on the next leg of our journey to deliver 100 million credit lines to consumers in the markets where we operate. Although this goal is ambitious, we truly believe that by harnessing the power of AI & Big Data we can deliver financial access at unprecedented scale.

As a firm, we're audacious problem solvers motivated by our impact on society. We deeply espouse the values of ownership - of our actions and initiatives, integrity in all we do and agility in execution.

We place great importance on doing what is right, what is best and what is innovative. And we are seeking people to champion these values and beliefs as we grow. Trusting Social is looking for DevSecOps. If you are smart, driven and want to make a difference in the world with the most advanced and fascinating technology, come join our team. We can satisfy your desire to explore new territory and give you the runway to really make an impact. 

Learn more about us here:

https://www.youtube.com/watch?v=inAEDGvOcL8&t=29s