What We Can Offer
The IRM Assistant Manager oversees Information Risk and Data Privacy Management at Shinhan Vietnam Finance in accordance with laws and regulations, the Company's requirements, and the Group's guidance and plan. This role works closely with the ICT Division to ensure the safety of information and data transfer and control.
Key Roles & Responsibilities
I. Regulatory Compliance (IRM & Data Privacy)
1. Take ownership and implement Information Risk and Data Privacy policies and related applicable laws and regulations;
2. Be responsible for updating regulatory changes and conducting gap analysis, including a remediation plan, related to Information Risk and Data Privacy matters;
3. Liaise with business operations such as product departments/divisions to provide advice and guidance related to Information Risk and Data Privacy matters;
4. Continuously research and follow up the latest IT and cyber security challenges and technologies.
II. Monitoring, Reporting and Conducting Risk Assessment
1. Participate in the development and implementation of Company projects and functional third-party engagements to conduct risk assessments and to ensure that all privacy concerns, requirements and responsibilities are addressed;
2. Liaise with departmental operations to complete regular reports/exercises, such as: Incident report; Sensitive Information Transfer (SIT);
3. Review and authorize routine and enhanced information/data access, SIT;
4. Maintain quality assurance for the operation of Information Risk Management; be accountable for all regulatory reports related to Information Risk and Data Privacy. Ensure reports are sent to SBV and other regulators on time;
III. Training & Enhancing Awareness
1. Provide training and awareness, including new-hire in-class training, annual Computer Based Training (CBT) and the acknowledgement process, signing of the Information Security Code of Practice (ISCoP), and other required training;
2. Initiate activities to foster data privacy awareness within the company;
3. Coordinate with the ICT Division and ensure other training related to Information Risk and Privacy is performed properly;
1. Cooperate with team members within Division to ensure the quality and timeline of work done.
2. Other ad-hoc tasks assigned by Compliance & Operation Risk Management Manager and CEO, DCEO;
- University degree in Information Technology
- Holding any security consulting certification (CISSP, CISA, CISM) is an advantage.
2. Work Experience
- At least 4 years of prior experience in internal/external IT audit; risk management within the banking and consumer finance industry is an advantage.
- Good understanding of banking/consumer finance business operations;
- Good understanding of information risk laws and regulations, such as Circular 18, Decree 117, etc.;
- Good communication and negotiation skills;
- Good problem-solving and collaboration skills;
- Ability to speak and write in English at intermediate level.
- Independent, innovative; have business insight and customer service skills;
- Should be confident, aggressive and have a flair for Team Management.