Manager, IT Security & Governance

About The Job

This role is responsible for protecting Bank’s computers, systems, networks, and data against cyber-attacks and security breaches. She/he shall be responsible for establishing and maintaining the bank’s vision, strategy, and program to ensure information assets and technologies are adequately protected.  The role is to manage the governance, planning and risk management functions and ensures appropriate policies and controls are in place for effective service delivery.

What you should do 

• Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program.
• Develop and enhance an information security management framework.
• Understand and interact with related parties to ensure the consistent application of policies and standards across all technology projects, systems and services.
• Provide leadership to the enterprise's information security function.
• Partner with business stakeholders across the company to raise security awareness.
• Security operations: Real-time analysis of immediate threats, and triage when something goes wrong.
• Cyber risk and cyber intelligence: Keeping abreast of developing security threats, and helping the board understand potential security problems that might arise from acquisitions or other big business moves.
• Data loss and fraud prevention
• Rolling out security hardware and software and making sure IT and network infrastructure is designed with best security practices in mind.
• Identity and access management: Ensuring that only authorized people have access to restricted data and systems.
• Investigations and forensics: Determining what went wrong in a breach, dealing with those responsible if they are internal, and planning to avoid repeats of the same crisis.
• Ensure and Monitor effective implementations of the information security policies and procedures.
• Coordinate/Work effectively in the Internal Audit program with the Auditors.
• Communicate the governance activities, policies and decisions with the IT Management and Business Leadership and keep them informed of IT governance decisions that will affect IT services and projects.
• Release Management: In conjunction with application and infrastructure teams, track configuration items and maintain technical documentation control.
• Change Requests: Ensuring that change requests are correctly administered, documented, maintained and coordinated in a timely fashion.
• Change Management calendar: Establish and maintain a Change calendar, keeping Production informed of the forward schedule of work and managing the release of changes to the Production environment
• Incident reporting: Maintain up to date and accurate records of incident and problem resolution activities

• Bachelor’s Degree in Information Technology, Computer Science, or other related equivalence
• Experience in Bank industry at least 5+ years
• Experience 3+ years as a person responsible for information security
• Experience with information security framework e.g., ISO20000 and ISO27001Knowledge of security and governance frameworks
• Demonstrate strong strategic thinking, analytical and leadership skills.
• Strong problem-solving skills, with ability to influence others.
• Demonstrable strategic thinking, analytical and problem-solving skills and detail oriented.
• Relevant certification e.g., CISO, NIST, and COBIT
• Leadership skills, conflict resolution, and well organizing the tasks.

HOW TO APPLY:

Click on the “Apply” button on this page. If it is your first time applying to our career portal, you will need to “Create an account” with us first in order to apply.
Need help on how to apply? View our Quick Reference Guide at the bottom of this website (TIPS FOR APPLYING)

More information: 

• Recruiter: Ms. SOEURM Parany,  +855 17 643 880/ +855 86 213 477 
• Address: Building174 (1st, 3rd, 4th Floor), Czech Republic Blvd (St.169) corner St. 164, Sangkat Veal Vong, Khan 7 Makara, Phnom Penh
• Website:www.chipmongbank.com

Only shortlisted candidate will be contacted.