VNPAY Việt Nam 4.2 ★

Job Description

IT Risk Management (ITRM) and/or Cybersecurity Risk Management

1. Policies and Documentation: Propose and develop policy documents related to IT Operational Risk Management (IT ORM) and/or Cybersecurity Risk Management.
2. Implementation and Risk Monitoring

IT Risk Management Tasks

• Risk Appetite/Key Risk Indicators (KRI): Review, develop, and monitor operational risk indicators within IT (risk appetite, KRIs, etc.) and analyze and evaluate these indicators.
• RCSA and Operational Risk Event Assessments: (i) Analyze/monitor IT operational risks; (ii) Analyze causes, trends, and developments of IT operational risks; (iii) Propose preventive/reduction/control measures for risk management.
• LDC: Review and handle IT incident losses through insurance and reserve funds.
• Business Continuity Planning (BCP): Participate in developing scenarios for managing operational risk events in IT, coordinate/monitor implementation by units; develop action plans to mitigate identified IT operational risks, monitor progress/quality of units in executing action plans.

Cybersecurity Risk Management Tasks

• Assess the effectiveness of existing security tools and policies by identifying IT threats and vulnerabilities, evaluating, and verifying the effectiveness of cybersecurity management and operations.
• Conduct cybersecurity risk assessments over time based on evolving risk trends.

1. Training/Communications on Building an Operational Risk Management Culture

• Develop content for training and communication on IT Operational Risk Management (IT ORM)

Job Requirements

Education:

• University degree (full-time), majoring in Information Technology/Mathematics/Applied Mathematics/Electronic Telecommunications or fields related to Information Technology, IT Risk Management, or equivalent.

Professional Knowledge:

• Knowledge of relevant legal documents, international and domestic practices regarding IT systems; in-depth understanding of IT systems and related issues in IT and Cybersecurity.

Experience:

• Minimum of 2 years of experience in the IT field; preferred candidates with international IT security certifications like COBIT5, ITIL, CISSP, or CISA; experience in implementing ISO 27001 - Information Security Management System, Circular 09/2020/TT-NHNN - Regulations on information system security in banking operations is an advantage

Language:

• Proficient in English, capable of working independently with foreign experts.