Việc làm Taekwang
Cập nhật 16/09/2024 15:17
Tìm thấy 2 việc làm đang tuyển dụng
Senior Officer, Information Security (40001098)
Taekwang
12 việc làm
0 Lượt ứng tuyển
Lượt xem 1
Tweet
Facebook
Copy Link
Thông tin cơ bản
Mức lương:
Thỏa thuận
Chức vụ:
Nhân viên
Ngày đăng tuyển:
02/09/2024
Hạn nộp hồ sơ:
10/10/2024
Hình thức:
FULL_TIME
Kinh nghiệm:
Không yêu cầu
Số lượng:
1
Giới tính:
Không yêu cầu
Nghề nghiệp
Ngành
Job Purpose
The job holder is responsible for building, managing, participating in the development of one of the following areas:
Senior Mangaer, Manager, Information Security
Key Relationships - Direct Reports
No
Key Relationships - Internal Stakeholders
Departments in the divisions
Key Relationships - External Stakeholders
Information security solutions/services companies, quick incident response organizations…etc.
Success Profile - Qualification and Experiences
Qualification
The job holder is responsible for building, managing, participating in the development of one of the following areas:
- IS Practice: Evaluate deployment, develop security solutions/Design, test information security/Ensure compliance with security standards (of Vietnam and International)
- IS Administration: Manage and directly participate in administrative activities on identity and access security/network security/endpoint services and data security
- IS Engieering: Manage and directly control the implementation of information security policies and standards for applications, infrastructure of Techcombank and its partners and suppliers, ensure compliance with the Bank's information security requirements.
- IS Red team: Manage and directly perform testing attack activities for technology systems to detect vulnerabilities/weaknesses and provide solution guidance.
- IS Monitoring: Monitor detecting all attack events/incidents as quickly as possible (realtime) based on events aggregated from security systems as well as other technology components.Then alert relevant departments to investigate and react to that event/incident.
- Information Security Assurance
- Participate in projects, developing and deploying technology to ensure Information Security for systems to be built, including stages: analysis, building requirements Information security, design Information security, threat modeling, source code review, testing and building controls to ensure Information Security.
- Research and develop necessary information security solutions to prevent attacks and incidents Information security, ensure security and safety for the entire information system of the bank.
- Coordinate with the Information Security supervisory department in handling information security incidents.
- Set up and monitor the implementation of TCB's information security process, regulations, standards, guidelines and policies in accordance with the regulations of the government and international organizations
- Implement and maintain compliance with international standards PCI-DSS, ISO, SWIFT CSP.
- Implement and maintain compliance with TCB's policies, circulars and regulations of the State Bank.
- Regularly perform compliance and integrity checks
- Coordinate with Compliance Assessment and Risk Management units to assess the compliance of technology systems according to policies, regulations, standards, processes, checklists.
- Information Security Red team:
- Implement the strategy to ensure information security:
- Participate in the implementation of the Information Security strategy by providing input data on attack trends, forms of exploitation and risks arising in each period.
- Participate in the implementation of the annual information security implementation plan, meet the business and operational needs of the bank through the implementation of information security testing programs for the technology activities of the bank. Bank.
- Develop penetration testing methods, information security scanning scripts and security checks according to international standards such as OSSTMM, Sans and OWASP.
- Develop new techniques, exploit scripts and programs for automated penetration testing
- Perform test attack activities:
- Directly perform vulnerability detection review, vulnerability assessment, and conduct penetration/exploit testing periodically or at the request of the Block leader for all systems/applications
- Penetration testing for system/application after live detection or whenever undergoing a major change. Testing methods must ensure practicality including both technical (technology) and non-technical (people, processes, physical assets). From there, provide CISO as well as other Information Security departments to have programs to deal with the problems of system weaknesses that can be exploited.
- Perform regular vulnerability scans, information security checks to find vulnerabilities in the system and provide remedial / remedial solutions
- supports maintaining compliance with world security standards such as PCI-DSS, ISO27001, SCP (swift).
- Develop and manage vulnerability management program, threat intelligence database. Collect, track metrics, and analyze trends on cyber defenses, threats, detected attacks, vulnerabilities, and countermeasures/preventions.
- Actively research / find new vulnerabilities, exploitation techniques and cyber threats
- Identify trends in cybersecurity involving tactics, techniques, and processes, targeting for malware development and deployment.
- Directly participate in the experimental plan of responding to an Information Security incident as an attack unit and in the case of an actual Information Security incident as the response team. Coordinate and provide expert cyber defense engineering skills to resolve cyber attack incidents
- Information Security Administration
- Building/adjusting and implementing MTPQ of systems.
- Develop requirements and measures to control access and protect the bank's data.
- Develop, maintain and optimize information security policy/rule/configuration for solutions to ensure information security such as: Information security solutions on access identity management (PAM, IAM…); Network information security solutions (Firewall, NAC, APT, NetIPS, DDOS...); Information Security solutions on endpoints (AD GPO, HIPS/HFW, Appcontrol, Web/mail filtering, DB security…); Information security solutions on data (DLP, FAM...).
- Assess, evaluate, review:
- Decentralization enforcement ensures compliance with the decentralized matrix.
- The issue and withdrawal of privileged accounts and digital certificates on technology systems.
- Exception requirements related to identity, access rights on technology systems
- Change requirements on information security assurance solutions.
- Risk management and compliance
- Identify risks of the department in the process of operation, ensuring compliance with the processes and regulations of the bank. Coordinate with relevant units to handle risks.
- Perform risk treatment activities according to reports of internal/external audit departments.
Senior Mangaer, Manager, Information Security
Key Relationships - Direct Reports
No
Key Relationships - Internal Stakeholders
Departments in the divisions
Key Relationships - External Stakeholders
Information security solutions/services companies, quick incident response organizations…etc.
Success Profile - Qualification and Experiences
Qualification
- Graduated in IT, Computer Science or Telecommunications
- Foreign language: English: Level 1 – TOEIC under 550
- Certificates in information security such as OSCP, PCI DSS assessment implementation certificate, ISO
- Having ISC2 SSCP security certificates is an advantage
- Having certificates of companies providing security solutions such as Microsoft/Cisco/PaloAlto/Checkpoint/Cyberark/Sailpoint…”
- Having certificates in information security such as - SANS SEC660, SEC760, SANS SEC642, SANS SEC575, OSCE, OSCP
- Experience in performing security testing in financial / service / telecommunications organizations from 5 years. The experience includes the following aspects:
- Research, design, implement and evaluate Information security for systems and applications
- Implement PCI-DSS, ISO, Swift CSP... Participate in the development and control of compliance with security standards for IT systems
- Experience in performing security testing in financial / service / telecommunications organizations. The experience includes the following aspects:
- Experience in researching security holes, developing attack techniques/tools, performing attack testing of technology systems by technical and non-technical measures)
- Having experience in implementing, managing, and operating in-depth in terms of policies, set of rules, configuration of information security at least one of the following areas at financial/service/telecommunications organizations (5 years):
- Security solutions for access identity management (PAM, IAM...);
- Network security solutions (Firewall, NAC, APT, NetIPS, DDOS...);
- Security solutions for terminals (AD GPO, HIPS/HFW, Appcontrol, Web/mail filtering, DB security...);
- Data security solutions (DLP, FAM...).
- Experience in information security assessment according to Agile method"
Khu vực
Quy mô:
1.000 - 5.000 nhân viên
Địa điểm:
SỐ 8, ĐƯỜNG 9A, KCN BIÊN HÒA 2, Biên Hòa
CÔNG TY CỔ PHẦN TKG TAEKWANG VINA khởi đầu là một nhà máy sản xuất giày được xây dựng vào năm 1971 bởi người sáng lập quá cố Park Yeon-cha. Vào những năm 1990, lần đầu tiên Taekwang thâm nhập vào thị trường Đông Nam Á như Việt Nam và Indonesia và phát triển thành nhà cung cấp giày thể thao cho các thương hiệu thể thao lớn trên toàn cầu như Nike. Đây là công ty Hàn Quốc thế hệ đầu tiên vào Việt Nam và hiện có khoảng 70.000 nhân viên tại các nhà máy sản xuất trên khắp thế giới. Kể từ những năm 2000, Taekwang đã mở rộng phạm vi kinh doanh của mình sang các lĩnh vực kinh doanh hóa chất chính xác, vật liệu, điện và giải trí và đã phát triển thành một tập đoàn quy mô trung bình với doanh thu hàng năm là 3 nghìn tỷ won.
Chính sách bảo hiểm
- - Được tham gia đầy đủ các loại bảo Hiểm: BHXH, BHYT, BHTN, BHTN 24/24
Các hoạt động ngoại khóa
- Team Building
- Du lịch hàng năm
Lịch sử thành lập
-
TKG Taekwang vina là tập đoàn lớn, được thành lập từ năm 19945. Công ty 100% vốn đầu tư Hàn Quốc. Chúng tôi sản xuất giày thể thao thương hiệu Nike.
Mission
- Chúng tôi luôn chuẩn bị sẵn sàng để đáp ứng các mong đợi của khách hàng và xây dựng niềm tin với họ bằng chất lượng sản phẩm tốt nhất. Niềm tin là nền tảng của Taekwang.
- Chúng tôi luôn nghĩ về một tương lai bền vững cho xã hội và môi trường. Taekwang đề cao tính bền vững
Những nghề phổ biến tại Taekwang
Bạn làm việc tại Taekwang? Chia sẻ kinh nghiệm của bạn
Taekwang
Click để đánh giá