WB Finance Microfinance, holding an MDI license from National Bank of Cambodia, is one of the largest Microfinance institutions in Cambodia, and is wholly owned by Woori Bank, one of the top banks in South Korea. WB Finance has a long history in serving Cambodian communities for more than 20 years, with its wide range of financial products and services including Loans, Savings, Money Transfers, and Mobile Banking.
This position is to support and maintain the Information security policies and compliance management strategy, develop and maintain policies, standards, processes and procedures to a level compliant with NBC technology risk guideline, ISO27001/2 and other relevant standards, and assess, monitor, report, escalate and remediate other Information security policies and compliance related issues.
LOCATION : Head Office
DUTIES & RESPONSIBILITIES
- To develop and maintain technical policies and standards and promote compliance in line with regulator/corporate policies and local procedures and legal and international security standards (e.g. NBC Technology Risk Guideline, NIST framework and ISO27001 etc.).
- Work collaboratively with WBF compliance, internal auditing, risk management and work with various technical teams in the design and implementation of audit, risk assessment and regulatory compliance practices.
- Identify the associated IT compliance control gaps and oversee the documentation, implementation and testing of the entire IT compliance control portfolio.
- Create an IT compliance training and awareness program that periodically educates the requisite end-user community on the relevant IT compliance requirements, and certifies their adherence to the relevant IT compliance controls.
- Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.
- Implement the required IT compliance policies and controls to meet the desired level of compliance maturity reflected in a given standard or framework
- Evaluate any related external frameworks or standards (e.g., ITIL, COBIT, etc.) or internal standards (e.g., code of conduct and use) to determine the relevant IT compliance requirements and controls.
- Liaise with suppliers, and employ appropriate management strategies, to facilitate and ensure their compliance with WB Finance’s security policies.
- Ensure all IT systems and processes are complied with IT policy/procedure and well documented.
- Act as a corporate advocate for information security and business continuity best practices including, but not limited to ISO2700x and ISO22301 etc.
- Report the levels of IT compliance risk and control effectiveness to key stakeholders such as IT management, senior management, board of directors, legal management, regulators, internal/external auditors, etc.
- Relevant IT qualification to Computer Science or Information Technology.
- At least 4 years of information security experiences or IT audit.
- Proven experience of developing, submitting IT audit, and compliance report to governing bodies, legal and/or external authorities.
- Experience with common information security management frameworks, such as International Standards Organisation (ISO) 27001, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks.
- Proven experience in the implementation and monitoring of service performance KPIs, performance metrics, service standards and agreements
- Experience of implementing and managing PCI-DSS compliance
- Demonstrated ability to apply IT-related knowledge and experience in solving compliance issues.
- Demonstrate experience of designing, developing and implementing information security policies within an overall Information Management strategy.
- Effective interpersonal and communication skills, both written and verbal, and the ability to explain complex issues relating to information security at a variety of levels to technical and non-technical audiences.
- Previous experiences in IT auditing is a plus.
We offer competitive remuneration package and opportunity for career and personal development.
Closing Date: 14 December 2020
ចូលរួមទៅក្នុងបន្ទប់ផ្តល់ព័ត៌មាន Telegram channel សម្រាប់ទទួលបានព័ត៌មានចុងក្រោយស្តីពីសន្តិសុខអុិនធឺណិតទាំងក្នុង និងក្រៅប្រទេស៖ https://t.me/infosecisac។ ចង់ផ្សព្វផ្សាយពាណិជ្ជកម្ម សូមទំនាក់ទំនង firstname.lastname@example.org
Subscribe to our Telegram channel for the latest updates on the Cybersecurity Breaking News in both locally and internationally: https://t.me/infosecisac.
For advertising: email@example.com or Phone: +855 69 690 280