Regional ISO Engineer

JOB DESCRIPTION

Job Purpose/Role
This role will be a combination of ISO role and PCI role.
The Information Security Officer (ISO) is assigned to Security Assurance Manager. The ISO has overall responsibility for the effective implementation and maintenance of the Information Security Management System (ISMS) within Company. Furthermore, the ISO oversees the fulfilment of Information Security requirements in all services provided by Company as shared service provider to its customers. The scope of ISO covers several Business Units (usually the entire or part of Europe, Americas or APAC regions).
The PCI Compliance Officer is assigned to Security Assurance Manager. The PCI Compliance Officer provides advice on compliance matters related to Payment Cards Industries standards / frameworks. He / she represents Company to industry bodies, monitors and evaluates relevant PCI compliance risks that can affect the business. The scope of PCI Compliance Officer is global for Company Partners related demand.
Key responsibilities/What you do
ISO
Each Information Security Function shall be responsible for oversight of the related ISMS activities, risk identification and assessment, prevention and advice with respect to the Information Security Risk areas: of the local Company and of the services provided by the local Company to its customers.
The function is responsible for the effective implementation of Comapny’s Information Security principles. This includes to promptly report to the IS Function matters which potentially have impact on the Company’s reputation.
In case of conflict of interests, the ISO shall refer a matter to the Security Assurance Manager and ultimately to the Company CISO.
PCI
Define and help manage PCI DSS program
Evaluate compliance against IT security policies, functional rules, controls and Payment Cards Industry standards
Drive a distributed annual subsidiary assessment exercise
Manage vendors that support PCI engagements (scoping, assessments, consultations, etc.)
Manage non-planned PCI-related inquiries and provide/coordinate unified guidance to subsidiary and Amazon service teams
Provide consultancy on PCI requirements, deliver recommendations and risk interpretations in a clear, concise and audiencespecific format. 

JOB REQUIREMENT

Bachelor's degree in Computer or higher in related fields.
Recognized Information Security Certifications e.g. CISSP, CISM. CRISC or ISO27001 Lead Auditor preferred
Experience with internal controls, risk assessments, business processes and internal IT control testing or operational auditing
Information Security experience related to risk management controls assurance & compliance programs
Previous experience creating and/or performing review and gap analysis of information security policies and standards against cybersecurity frameworks
Related security control and compliance experience in various frameworks including PCI DSS, PCI PA-DSS, PCI PTS, GLBA, NYDFS, ISO, NIST, etc.
Excellent communication skills, interpersonal, oral, and written in English

WHAT'S ON OFFER

We offer a hybrid work model which recognizes the value of striking a balance between in-person collaboration and remote working incl. up to 25 days per year working from abroad
We believe in rewarding performance and our compensation and benefits package includes a company bonus scheme, pension, employee shares program and multiple employee discounts (details vary by location)
From career development and digital learning programs to international career mobility, we offer lifelong learning for our employees worldwide and an environment where innovation, delivery and empowerment are fostered
Flexible working, health and wellbeing offers (including healthcare and parental leave benefits) support to balance family and career and help our people return from career breaks with experience that nothing else can teach

CONTACT

PEGASI – IT Recruitment Consultancy | Email: recruit@pegasi.com.vn | Tel: +84 28 3622 8666
We are PEGASI – IT Recruitment Consultancy in Vietnam. If you are looking for new opportunity for your career path, kindly visit our website www.pegasi.com.vn for your reference. Thank you!

Job Summary

Company Type:

Fintech

Technical Skills:

Security

Location:

Others - Thailand

Working Policy:

Job ID:

J01245

Status:

Close

Related Job:

Junior Embedded Linux Middleware Engineer

Ho Chi Minh - Viet Nam


Outsource

  • Embedded
  • C/C++

Responsible for designing, developing, and testing middleware/framework for SoC platforms. Conduct Integration Testing, Unit Testing, and Functional Testing. Create technical documentation and develop sample applications for the product. Work closely with various teams to ensure successful project delivery. Identify, report, and resolve technical issues.

Negotiation

View details

Lead Penetration Tester

Ho Chi Minh, Ha Noi - Viet Nam


Outsource

  • Security

Conduct authorized penetration testing for various digital platforms, including web applications, mobile applications, APIs, infrastructure, and cloud environments. Identify and document security vulnerabilities, validate and exploit when necessary, covering areas such as authentication, authorization, session management, input validation, encryption, access control, and business logic issues. Perform security assessments according to industry standards (e.g. OWASP Top 10, OWASP API Security Top 10, OWASP Mobile Security Testing Guide) and relevant security practices. Analyze application flows, user journeys, transaction processes, access controls, and data handling mechanisms to uncover potential security risks. Conduct vulnerability assessment and manual verification to reduce false positives, confirming actual exploitability in authorized environments. Retest to validate remediation effectiveness and ensure vulnerabilities are properly resolved. Support security testing activities within the software development life cycle (SDLC), including security requirement review, threat analysis, test planning, and release security validation. Stay updated with emerging cyber threats, attack techniques, security risks, and security testing best practices. Lead the planning, scoping, and execution of penetration testing activities across assigned projects. Define the penetration testing approach, test strategy, testing scope, priorities, timelines, and required evidence based on project and client requirements. Guide and mentor penetration testers or security engineers in testing methodology, vulnerability validation, reporting quality, and remediation discussions. Review vulnerability findings, risk ratings, evidence, and remediation recommendations to ensure accuracy, consistency, and practical value. Serve as the main technical point of contact for penetration testing activities, working with client stakeholders, security teams, development teams, DevOps, infrastructure teams, and compliance teams. Facilitate vulnerability walkthroughs, risk clarification sessions, remediation discussions, and retesting alignment with relevant stakeholders. Support estimation, planning, status tracking, issue escalation, and delivery reporting for security testing activities. Contribute to improving security testing processes, reporting templates, testing checklists, knowledge sharing, and reusable testing practices. Support regulatory, audit, and compliance requirements by providing security testing evidence, reports, remediation status, and technical clarification when needed.

Negotiation

View details

Senior Embedded Linux Middleware Engineer

Ho Chi Minh - Viet Nam


Outsource

  • Embedded
  • C/C++

Create middleware/framework for SoC platforms. Conduct Integration Testing, Unit Testing, Functional Testing. Generate technical documentation and build sample applications for the product. Work with various teams to ensure project completion. Recognize, report, and resolve technical issues.

Negotiation

View details