Information Security Executive

All qualified candidates will be given fair consideration. Per GDPR, any CV or personal information you submit will be used strictly for recruitment. Your data will be processed based on legitimate interest, securely stored, and not shared outside the recruitment process.

About The Company

Our client is a consulting firm specializing in digital transformation, IT strategy, and regulatory compliance across Southeast Asia. They offer a dynamic international environment where consultants contribute to impactful, tech-enabled transformation projects. This role will be employed by them and deployed to one of their key clients.

Opportunity Details

• Working Location: Ho Chi Minh City, Vietnam (on-site at client location)

• Working Time: Standard business hours

• Employment Type: Full-time

• Compensation: According to the market benchmark

• Benefits: As per the Labor Law

• Reporting Line: Reports to COO

• Team Management: None

Role Purpose

The Information Security Executive will support the client in the delivery and oversight of all information security initiatives. This includes monitoring cybersecurity operations, ensuring compliance with relevant standards, and improving the overall security posture through proactive risk management and technical expertise.

Main Objectives

• Ensure timely remediation and revalidation of vulnerabilities reported in penetration tests

• Maintain compliance with the client's security frameworks and operational procedures

• Coordinate risk management and support incident response with clear documentation and reporting

Responsibilities

• VAPT Monitoring:

  • Oversee remediation of low-impact vulnerabilities from pentest reports

  • Track revalidation and ensure issues are resolved

• Security Operations Center (SOC):

  • Align SOC standard operating procedures with internal standards

  • Support incident handling preparation and response

• Cyber Awareness:

  • Support implementation of internal cyber awareness programs

• Cyber Insurance:

  • Prepare documentation required for cyber insurance

  • Support discussions with brokers by providing technical input

• Disaster Recovery / Business Continuity Plans (DRP/BCP):

  • Prepare relevant elements for DRP/BCP

  • Assist in activating and supporting client teams during incidents

• Third-Party Applications Analysis:

  • Define scope of responsibility between client and third parties in app projects

  • Recommend actions to ensure compliance with internal standards

• IT Management:

  • Maintain IT asset list in GLPI

  • Oversee ticket handling system configuration

  • Maintain records of processing activities

• Risk Management & Incident Reporting:

  • Coordinate risk management following internal standards

  • Provide leadership with an overview of current risk posture

• Compliance:

  • Conduct gap analysis and maintain action plans for standards such as ISO 27001 and PDPD

  • Ensure compliance with internal and regulatory frameworks

• General Support:

  • Identify roadblocks to project delivery and proactively address them

  • Present progress reports and maintain thorough documentation

Candidate Profile

Education & Qualifications

• Bachelor's degree in Information Security, Computer Science, or related field

• Master’s degree preferred

• Cybersecurity or project management certifications (e.g., Security+, CISSP, PMP, PRINCE2) are a plus

Professional Experience

• 5+ years in information security roles

• Proven experience managing security projects end-to-end

• Familiarity with SOC, VAPT, incident response, and third-party risk management

• Experience working in fast-paced environments with international exposure

Technical Skills

• Strong knowledge of information security frameworks (e.g., ISO 27001, GDPR, PDPD)

• Experience with Azure and cloud security (preferred)

• Familiar with asset tracking (e.g., GLPI) and risk documentation

• Proficient in English and Vietnamese

Behavioral Competencies

• Strong communication and presentation skills

• Able to collaborate cross-functionally and work independently

• Detail-oriented and proactive in identifying risks and ensuring compliance

Knowledge Domain

• Information Security frameworks and compliance standards

• Risk and incident management processes

• Cloud and infrastructure security (Azure preferred)