IT Director / Chief Security Officer
Main Objective: In charge of all IT and security matters of our client's Software Development Operation in Vietnam.
As IT Director role:
- To direct and manage the IT team, being the line manager and escalation point for the IT team.
- To plan IT work & activities in line with the company requirements
- To arrange & assign IT tasks in accordance with the work requirements of IT department
- To manage and oversee the whole activities of IT Department
- To make monthly/weekly reports to the management on IT Department activities
- Be responsible for all software & hardware supply, installation, maintenance and management, data back-up, licenses, internal tools support & maintenance, etc.
- To strictly implement all the company’s processes and systems in compliance with ISO9001, ISO27001 & CMMi standards
- To perform other tasks assigned by the management
- To support presale and delivery for the IT managed services.
As CSO role:
- Devise policies and procedures regarding areas such as business continuity planning, loss prevention and fraud prevention, and privacy.
- Oversee and coordinate security efforts across the company, including information technology, human resources, communications, legal, facilities management and other groups.
- Create global security policy, standards, guidelines and procedures to ensure ongoing maintenance of security. Identify security initiatives and standards. Evaluate and recommend new information security technologies and counter-measures against threats to information or privacy. Develop and manage the procedures to ensure physical safety of employees and visitors.
- Oversee safeguarding of intellectual property and computer systems. Ensure that the integrity and security of automated files, databases, and computer systems are vested in the company. Ensure security is maintained and updated.
- Create workplace violence awareness and prevention programs. Develop emergency procedures and incident responses.
- Monitor all Information Security measures and systems. Investigate security breaches. Implement disciplinary procedures.
- Commission audits to find holes in the security platform, and implement the plan to fill the gaps found by security audits.
- Develop risk management assessments. Coordinate with business process owners or functional area representatives on the identification and updating of information security assets and risks. Be responsible for performing periodically, based on risk assessment, an internal audit of the information security function. Specific duties are the following:
- Ensures the company’s compliance with ISO 27001:2005 by conducting internal ISMS audits.
- Submits corrective and preventive actions on identified non-compliances to the Steering Committee for review and approval.
- Reviews the effectiveness of corrective and preventive actions until closure of the non-compliances.
- Ensure that actual and potential non-compliances are resolved with the appropriate corrective and preventive actions to correct or prevent the non-compliance from recurring.
- Examine the information security policies and procedures for compliance with state information security and risk management policies, standards and guidelines.
- Examine the effectiveness of the information security policies and procedures; identify inadequacies within the existing security and risk management program and possible corrective action to be taken. Review and evaluate the effectiveness of controls for automated information systems that are either under development or operational, with particular emphasis on major systems.
- Inform management, the information security function and the information’s owners, custodians, and users of its findings.
- Participate in the risk analysis process.
- Work with the Functional Area Representative to ensure they:
- Participate in the risk analysis and treatment process.
- Are involved in preparing, composing and reviewing functional area-related procedures.
- Are involved in implementing ISMS processes and procedures.
- Set guidelines and ensure the confidentiality, integrity and availability of information systems.
- Actively track and respond to security vulnerabilities and incidents.
The IT Director / Chief Security Officer reports directly to the Software Development Managing Director.
The IT Director / Chief Security Officer has authority over all operations relating to security in the company.