MetLife

Principal Responsibilities:

Design and operate IT risk and security programs. Provide IT security services that comprises oversight, investigations, strategic vision and trusted advisory services to IT and Business teams.

Develops and manages security (e.g., data, systems, network and/or Web) across the company. Identifies security risks and exposures, determines the causes of security violations, and suggests procedures to halt future incidents. Provides management with risk assessments and security briefings to advise them of critical issues that may affect customer, corporate security objectives. To direct, manage, plan, and administer the operational and administrative activities associated with the running of ITRS function.

Functional Responsibilities:

1.      To provide recommendations for new or modified policies, standards, and/or guidance documents based on changing technologies, cyber security landscape and Vietnam’s cyber security regulations;

2.      To evaluate, recommend and manage the implementation of security products & services. To perform Risk Assessment of third-party service provider arrangements.

3.      To design and support IT security solutions that may be comprised of hardware and software components.

4.      To proactively identifie security risks and exposures by participating in continuos security reviews, evaluations, and risk assessments.

5.      To oversees security awareness programs and provides education on security policies and practices and/or provides training on guidance for compliance with governmental laws and regulations.

6.      To manage security testings, reports and remediations either by internal or external parties.

7.      To manage the IT Risk & Security services including but not limited to analysis, action planning, execution, and reporting.

8.      To lead and manage the IT security incidents. Provide quick guidance and solution for mitigation and remediation minimizing impacts to the business operation as well as reputation.

9.      To design, implement and maintain processes and procedures to ensure the security of data, application, and infrastructure.

10.    Act as the liaison between audit/compliance and IT, reviewing all audit/compliance reports and responses to ensure timeliness and the effectiveness of the corrective actions.

Supervisory Responsibilities:

1. May provide work guidance to lower level and project staff.
2. Manage the vendor resources to deliver quality in projects.

Knowledge/Skills/Competencies Required:

• At least four continuous years of either IT security, IT risks or IT audit role recently.
• Minimum 2 years of management, supervisory or team lead experience.
• Having practical technical skills and experiences in network security, web application security.
• Having practical experiences in security designs embedding into system development lifecycle.
• Having practical experiences in IT risks management.
• Strong analytical, problem-solving, situation management capability.
• Relevant industry security, risk, and audit certifications such as CISA, CRISC, CISM, CISSP certifications will be a big plus.