WB Finance Microfinance, holding an MDI license from National Bank of Cambodia, is one of the largest Microfinance institutions in Cambodia, and is wholly owned by Woori Bank, one of the top banks in South Korea. WB Finance has a long history in serving Cambodian communities for more than 20 years, with its wide range of financial products and services including Loans, Savings, Money Transfers, and Mobile Banking.
LOCATION : Head Office
Under the supervision of Senior Manager, Information Security (ISM), the Senior Officer, Information Security (ISO) works to ensure all IT Policy implementation has been enforced at all level of staffs, conducting research on latest information security domain and working with ISM to identify information security gaps and recommend the updates on existing policy & processes to protect information asset of the business.
DUTIES & RESPONSIBILITIES
- Develop, review and update of IT Policy and IT Security policy/procedure by liaison with all relevant staffs
- Research, analyze problems, evaluate, recommend solutions, products, and technologies to meet information security protection
- Actively protect WBF company IT Assets and infrastructure from external or internal threats and ensure that the company complies with statutory and regulatory requirements regarding information access, security and privacy
- Design, configure, deploy, and maintain IT Security systems with cooperation and support from Network Administrator and Server Administrator in order to do full rollout of the change to production system
- Joining in the implementation of firewall solutions to properly secure WBF IT Infrastructure and provide consultation on all new firewall implementations, firewall configuration changes, and IT projects requiring security operational support.
- Joining with the application development team by contributing the requirement related to information security and necessary validation for the secure development of the application.
- Assist the end-user, other IT professionals, and external customers in requesting security variances and implementation of subsequent configuration change requests
- Recommend best security practices to achieve stated business objectives, advises on risk assumptions for any variances granted, and provides alternatives to achieve desired end results
- Assist in incident response for any breaches, intrusions, or theft
- Monitor systems for any anomalies, suspicious activity then provide proper updating, and provide patching quickly if notified from security solution provider or make recommendations for resolution
- Monitor vendor websites for potential threat alerts and software upgrades
- Evaluates and performs planning, testing, and implementation of software and hardware upgrades
- Maintains system documentation and configuration data for regulatory and audit purposes
- Develop and maintain documentation for security systems, procedures and security diagrams
- Coach and guide Service Desk and Desk Side Support technicians in their incident response, directing incident first responder actions, and appropriately escalating issues.
- Serve on projects and initiatives to develop, plan and implement network and distributed system security technologies
- Support information security architectural requirements.
- Serve on projects, initiatives or work groups as assigned which may include Event Management, Identity and Access Management, Risk and Control Assessment, Threat and Vulnerability Management.
- Ensure all IT systems and processes are complied with IT policy/procedure and well documented
- Participate in IT risk assessment identification and explore and implement mitigation solutions
- Conduct regularly security check on LAN/WAN of IT Infrastructure and IT Applications System for HO and Branch Offices
- Perform IT security training to end users.
- Coordinate with the team to perform DR drill activation and producing result report.
- Check and collect backup log to ensure the backup job has been done and report to relevant staffs to take an immediate action in case of failure
- Monthly security checks in Data Center and DR site
- Regularly scan and report for unauthorized access in systems
- Enforce the proper implementation of IT Security in order to comply with IT Security policy and procedure
- At least Bachelor Degree in Information Technology or Computer science
- Current experience with Network Infrastructure Security and application development security project involvements and or prior experience in IT Infrastructure support, design and management as well as strong knowledge and experience routing and switching, Firewalls configuration and associated network protocols and concepts
- Knowledge and implementation of IDS/IPS and Syslog
- Knowledge in implementation and operation of monitoring tools and SIEM.
- Knowledge and experience in administration of Windows Server and Linux Operating Systems
- Knowledge & understanding on some certification practices such as Cisco CCNA CyberOps, CompTIA Security+, Pentest+, and SSCP etc.
- Knowledge of information security principles, including risk assessment and management, threat and vulnerability management, incident response and identity and access management
- Experience in developing, documenting and maintaining security procedures
- Experience and knowledge in Cyber Security, latest thread and attack vectors and mitigation plan
- Experience in enforcing policy, procedure of IT across organization
- Proven ability to work under stress in emergencies with flexibility to handle multiple high-pressure situations simultaneously.
- Experience in VPN Management and Support
- Experience in DPLC and MPLS
- Good analytical, problem identification, troubleshooting, and creative problem solving abilities
- Previous experiences in IT Auditing is a plus
- Research and development on Cyber Space security
We offer competitive remuneration package and opportunity for career and personal development.
Closing Date: 23 December 2020
- Interested Candidates, Please submit your CV to email: firstname.lastname@example.org
- Tel: 089 333 767/ 087 666 870/ 090 855 910
ចូលរួមទៅក្នុងបន្ទប់ផ្តល់ព័ត៌មាន Telegram channel សម្រាប់ទទួលបានព័ត៌មានចុងក្រោយស្តីពីសន្តិសុខអុិនធឺណិតទាំងក្នុង និងក្រៅប្រទេស៖ https://t.me/infosecisac។ ចង់ផ្សព្វផ្សាយពាណិជ្ជកម្ម សូមទំនាក់ទំនង email@example.com
Subscribe to our Telegram channel for the latest updates on the Cybersecurity Breaking News in both locally and internationally: https://t.me/infosecisac.
For advertising: firstname.lastname@example.org or Phone: +855 69 690 280