Senior Information Security
Ninja Van
- Ho Chi Minh City
- Permanent
- Full-time
- Identity and Access Management
- Enforcing Identity Lifecycle Management policies and procedures.
- Planning and executing Access Review ProcessWorking REG Infosec and IT to enforce Authentication policies such as SSO, MFA, Oauth , OpenID, FIM
- You need to have Knowledge of Authorization Models and design such as RBAC, MAC ,DAC , ABAC to assist enforcing them at all levels.
- Role Based Access Control
- Understand different RBAC structures and apply knowledge to implement the most suitable RBAC solution for critical business
communicate status of various IAM initiatives to leadership * Create and document standards, processes and procedures for RBAC and other IAM
with vendors and internal stakeholders to implement IAM tools and technologies. * Program Delivery
- Manage delivery of Group Information Security tools and capabilities locally
- Support Group Head of InfoSec in managing the delivery of global programs, KPIs and KRIs.
- Compliance
- Support local business in Security Architecture decisions by working in liaison with Group Information Security
- Manage resolution of vulnerabilities or issues detected in local IT/Tech Infrastructure
- Reduce the information security risk by identifying the root cause and working with local/group stakeholders to take corrective actions.
- Support Local Team with questions related to regulatory compliance and IT/InfoSec audits.
- Training and Incident Response
- Run local security training programs
- Communicate and ensure implementation of group IS policies, procedures and processes locally.
- Adapt security procedures as per local needs where required
- Qualify local Security Incidents and co-ordinate incident response with Group IS
- Lead and/or participate in post Incident Reviews.
- Bachelors in Information Security / STEM (Science, Technology, Engineering and Mathematics) degree
- At least + years of experience in IT/Information Security
- Experience in leading IT security, attestation and assurance audits globally
- Experience in setting up Data protection controls
- Professional security related qualification (e.g. CISM - ISACA, CC - ISC, CISA, CRISC.) will be favorable although not mandatory
- Good to have experience in IAM tools like BeyondTrust, Google Workspace, etc.
- Language Requirements: Fluent English
- Knowledge of ISO 27001, NIST CSF
- Knowledge and understanding of AAA framework
- Knowledge of Google Workspace, Google Cloud (GCP)
- Knowledge of API and API tools like SOAP-UI, Postman, Apigee etc
- Knowledge of Database and writing SQL queries
- Excellent written and verbal communication skills and ability to escalate timely to management.
- High degree of attention to detail and discipline in tracking and managing the closure of identified vulnerabilities and issues arising from audit
- Effective influencing and negotiating skills and demonstrated sensitivity to working and interacting with senior stakeholders
- Ability to work independently