WB Finance Microfinance, holding an MDI license from National Bank of Cambodia, is one of the largest Microfinance institutions in Cambodia, and is wholly owned by Woori Bank, one of the top banks in South Korea. WB Finance has a long history in serving Cambodian communities for more than 20 years, with its wide range of financial products and services including Loans, Savings, Money Transfers, and Mobile Banking.
This position is to ensure information security policies/procedures has been enforced at all staffs, conducting research on latest information security domain and working with Information Security Manager to identify information security gaps and recommend the updates on existing policy & processes to protect information security/assets of WBF.
DUTIES & RESPONSIBILITIES
- To develop and maintain technical policies and standards and promote compliance in line with regulator/corporate policies and local procedures and legal and international security standards (e.g. NBC Technology Risk Guideline, NIST framework and ISO27001 etc.).
- Actively protect WBF IT Assets and infrastructure from external or internal threats and ensure that the company complies with statutory and regulatory requirements regarding information access, security and privacy.
- Research, analyze problems, evaluate, and recommend solutions, products, and technologies to meet information security protection.
- Assist the end-user, other IT professionals and external customers in requesting security variances and implementation of subsequent configuration change request.
- Recommend best security practices to achieve stated business objectives, advises on risk assumptions for any variances granted, and provides alternatives to achieve desired results.
- Ensure all IT systems and processes are complied with IT policy/procedure and well documented.
- Participate in IT risk assessment identification, explore, and implement mitigations.
- Knowledge & understanding on some certification practices such as Cisco CCNA Security, CCNA Cyber Ops, CompTIA Security+, and SSCP etc.
- Knowledge of information security principles, including risk assessment, threat and vulnerability management, incident response and access management.
- Knowledge & experience with network infrastructure security, system and application development security, security monitoring system, mobile banking security, cloud security, Business Continuity, payment card security and cyber security.
- Experience in developing, documenting, and maintaining security procedures
- Research and development on cyber security in general.
- An excellent understanding of information security concepts and practices concerned with maintaining the confidentiality and integrity and availability of information.
- Knowledge of current Information Security Management System (ISMS) (including ISO 27001 series, NIST and/or other cyber security framework).
- Knowledge and understand of OWASP TOP 10 and how to identify them.
- Demonstrate experience of designing, developing and implementing information security policies within an overall Information Management strategy.
- Effective interpersonal and communication skills, both written and verbal, and the ability to explain complex issues relating to information security at a variety of levels to technical and non-technical audiences.
We offer competitive remuneration package and opportunity for career and personal development.
ចូលរួមទៅក្នុងបន្ទប់ផ្តល់ព័ត៌មាន Telegram channel សម្រាប់ទទួលបានព័ត៌មានចុងក្រោយស្តីពីសន្តិសុខអុិនធឺណិតទាំងក្នុង និងក្រៅប្រទេស៖ https://t.me/infosecisac។ ចង់ផ្សព្វផ្សាយពាណិជ្ជកម្ម សូមទំនាក់ទំនងinfo@secudemy.com.