Regional ISO Engineer

JOB DESCRIPTION

Job Purpose/Role

This role will be a combination of ISO role and PCI role.

The Information Security Officer (ISO) is assigned to Security Assurance Manager. The ISO has overall responsibility for the effective implementation and maintenance of the Information Security Management System (ISMS) within Company. Furthermore, the ISO oversees the fulfilment of Information Security requirements in all services provided by Company as shared service provider to its customers. The scope of ISO covers several Business Units (usually the entire or part of Europe, Americas or APAC regions).

The PCI Compliance Officer is assigned to Security Assurance Manager. The PCI Compliance Officer provides advice on compliance matters related to Payment Cards Industries standards / frameworks. He / she represents Company to industry bodies, monitors and evaluates relevant PCI compliance risks that can affect the business. The scope of PCI Compliance Officer is global for Company Partners related demand.

Key responsibilities/What you do

ISO

Each Information Security Function shall be responsible for oversight of the related ISMS activities, risk identification and assessment, prevention and advice with respect to the Information Security Risk areas: of the local Company and of the services provided by the local Company to its customers.

The function is responsible for the effective implementation of Comapny’s Information Security principles. This includes to promptly report to the IS Function matters which potentially have impact on the Company’s reputation.

In case of conflict of interests, the ISO shall refer a matter to the Security Assurance Manager and ultimately to the Company CISO.

PCI

Define and help manage PCI DSS program

Evaluate compliance against IT security policies, functional rules, controls and Payment Cards Industry standards

Drive a distributed annual subsidiary assessment exercise

Manage vendors that support PCI engagements (scoping, assessments, consultations, etc.)

Manage non-planned PCI-related inquiries and provide/coordinate unified guidance to subsidiary and Amazon service teams

Provide consultancy on PCI requirements, deliver recommendations and risk interpretations in a clear, concise and audiencespecific format.

JOB REQUIREMENT

Bachelor's degree in Computer or higher in related fields.

Recognized Information Security Certifications e.g. CISSP, CISM. CRISC or ISO27001 Lead Auditor preferred

Experience with internal controls, risk assessments, business processes and internal IT control testing or operational auditing

Information Security experience related to risk management controls assurance & compliance programs

Previous experience creating and/or performing review and gap analysis of information security policies and standards against cybersecurity frameworks

Related security control and compliance experience in various frameworks including PCI DSS, PCI PA-DSS, PCI PTS, GLBA, NYDFS, ISO, NIST, etc.

Excellent communication skills, interpersonal, oral, and written in English

WHAT'S ON OFFER

We offer a hybrid work model which recognizes the value of striking a balance between in-person collaboration and remote working incl. up to 25 days per year working from abroad

We believe in rewarding performance and our compensation and benefits package includes a company bonus scheme, pension, employee shares program and multiple employee discounts (details vary by location)

From career development and digital learning programs to international career mobility, we offer lifelong learning for our employees worldwide and an environment where innovation, delivery and empowerment are fostered

Flexible working, health and wellbeing offers (including healthcare and parental leave benefits) support to balance family and career and help our people return from career breaks with experience that nothing else can teach

CONTACT

PEGASI – IT Recruitment Consultancy | Email: recruit@pegasi.com.vn | Tel: +84 28 3622 8666

We are PEGASI – IT Recruitment Consultancy in Vietnam. If you are looking for new opportunity for your career path, kindly visit our website www.pegasi.com.vn for your reference. Thank you!

Job Summary

Company Type:

Fintech

Technical Skills:

Security

Location:

Others - Thailand

Working Policy:

Salary:

130K – 160K THB

Job ID:

J01245

Status:

Related Job:

Android Engineer - VVE

Ha Noi - Viet Nam

Product

Android

Creating and managing Android applications using Kotlin Constructing Android services for production use and contributing to live service operations Utilizing Jetpack Compose to design modern Android UI Incorporating asynchronous programming through Coroutines and Flow Developing scalable Android app architecture with modularization and dependency injection Collaborating with cross-functional teams through effective communication

Negotiation

View details

iOS Engineer - VVE

Ha Noi - Viet Nam

Product

Create and update iOS applications with Swift Utilize UIKit and SwiftUI for building user interfaces Integrate and design APIs for effective data processing Employ reactive and asynchronous programming for strong app architecture Communicate effectively with cross-functional teams Enhance code quality, performance, and maintainability of iOS applications

Negotiation

View details

Featured Job

Senior Mobile Security Engineer (Forensics)

Ho Chi Minh - Viet Nam

Product

Security

Examine and interpret large-scale datasets and fraudulent activities to identify patterns, clusters, and evolving fraudulent behavior, including understanding the methods and processes used by attackers. Collaborate with the mobile development team to create and integrate secure mobile SDK components for accurate collection of forensic data, aiding in the identification of location spoofing, emulator abuse, rooted/jailbroken environments, and other forms of environment manipulation. Lead and conduct in-depth technical research on emerging mobile fraud and evasion techniques, and translate the findings into practical forensic indicators. Establish and improve end-to-end incident response capabilities throughout the system, working with Data Science and ML teams to convert forensic insights into technical features, rules, and detection logic. Offer technical advice and mentorship to junior engineers on effective practices in mobile security, forensics, and data analysis.

Negotiation

View details