IT Risk & Compliance

Location: Ho Chi Minh City, Vietnam
Job Type: Permanent
Salary: US$1000 - US$1500 per month
Sub Specialization:
Contact: Thinh Nguyen
Reference: JO-1601-28998


  • Be responsible for IT Risk & Compliance performance
  • Report to the Board of Management, Head of Risk & Compliance and IT Manager on IT Risk & Compliance performance
  • Report directly to the Board of Management and Head of Risk & Compliance on critical IT security incidents and events
  • Conduct the tasks and activities assigned by the Board of Management, Head of Risk & Compliance and IT Manager regarding IT Risk & Compliance
  • Hold the administrator accounts of the audit log functions in the IT systems
  • Keep the IT security documents, such as the IT password envelope and the configuration values of the Company's IT systems

1. IT Risk, Compliance framework

  • Cooperate with the Company's risk management team to develop and adopt a risk management framework
  • Be responsible for IT risk appetite; coordinate, manage and monitor the identification, documentation and analysis of business process and IT risks
  • Provide data owners with IT procedures and risk management tools
  • Develop and update in a timely manner the information security policies and the IT security management processes and procedures, in accordance with IT security technology standards and best practices
  • Define IT regulatory, IT risk & compliance requirements for IT acquisition, upgrading, implementation projects and services
  • Develop and update in a timely manner the user profile principles, ensuring that conflicts of duties are at an acceptable level
  • Develop and update in a timely manner the IT controls and compliance checklist
  • Cooperate with IT functions and other departments to develop and update in a timely manner the IT risk & control matrix
  • Establish information asset classification scheme

2. IT Risk & Compliance management

  • Be responsible for building the IT Risk & Compliance report template
  • Be responsible for proposing the IT Risk & Compliance plan
  • Assess the IT Risk & Compliance performance periodically
  • Assess the operational effectiveness of IT controls
  • Review the risk assessment conducted by the IT staff in charge, evaluate the risk response, and prioritise and mandate the upcoming control activities
  • Monitor the risk action plan to ensure it is aligned with the agreed schedule
  • Comment on the IT-related policies and procedures developed by other IT functions from the IT risk and compliance perspective
  • Inform the heads of other departments about IT noncompliance issues caused by their staff
  • Report critical IT security and noncompliance events as an emergency
  • Communicate with other IT functions and departments to fulfill the external audit requirements
  • Be responsible for raising IT risk & compliance awareness in the Company's environment, such as:
    o Identify and characterise users' training needs, develop the IT risk & compliance training program
    o Conduct or coordinate with other IT functions to conduct the IT risk & compliance awareness training

  • Bachelor's degree in Information Technology or Electronic Engineering
  • 3 - 6 years of strong experience in IT risk management; MUST HAVE experience implementing and helping a company obtain the ISO 27000 certificate
  • Fair English, teamwork
  • Security certificates are a plus

Interested candidates please kindly send your most updated CV (Word file)