Senior Information Security Officer (Security Control & Compliance)

JOB DESCRIPTION

Responsible for implementing, operating, and monitoring application security controls and compliance activities to ensure that enterprise applications are secure, resilient, and compliant with internal policies and external regulatory requirements.
 
Key Responsibilities:
Application Security
Implement and operate application security solutions including WAF, DDoS protection, and PAM (Privileged Access Management).
Monitor privileged access activities, detect abnormal behavior, and escalate security risks.
Collaborate with development and infrastructure teams to ensure security-by-design across the application lifecycle (SDLC/DevSecOps).
Support application vulnerability assessment activities and track remediation progress.
Compliance & Policy Management
Support the development, maintenance, and updates of information security policies and procedures.
Ensure compliance with internal security standards and external regulatory requirements (e.g., audit requirements, SSC, Stock Exchange regulations if applicable).
Prepare documentation and reports for internal and external audits.
Security Monitoring & Reporting
Monitor application-related security events and access activities.
Analyze and report security risks, vulnerabilities, and incidents to management.
Track remediation status of identified security issues and ensure timely resolution.
Security Awareness & Training
Support the execution of information security awareness programs for employees.
Assist in developing training materials and communication related to application security best practices.
Project Support & Implementation
Participate in research, testing, and deployment of new application security solutions.
Support security-related initiatives in digital transformation and system upgrade projects.
Contribute to security requirement definition in IT and business projects.

JOB REQUIREMENT

Technical Knowledge
Strong understanding of web application security and OWASP Top 10.
Experience with security tools such as WAF, PAM, DDoS protection, and SIEM is an advantage.
Knowledge of SDLC / DevSecOps processes.
Familiarity with information security standards such as ISO 27001, NIST, CIS and compliance frameworks.
Skills
Strong analytical and problem-solving skills in security incidents and vulnerabilities.
Ability to collaborate with cross-functional teams.
Strong reporting and documentation skills. Detail-oriented with strong logical thinking.
Education & Experience
Bachelor's degree in Information Technology, Computer Science, Information Security, or related fields.
2-5 years of experience in Application Security, Information Security, or IT Security roles.
Preferred Qualifications (Advantage)
Certifications in Application Security (CEH, eWPT, eJPT, BSCP or equivalent).
ISO/IEC 27001 Lead Implementer / Lead Auditor or CISA.
SC-300 (Identity & Access Management) certification or IAM/PAM experience.
Experience in banking, securities, fintech, or regulated financial environments.

CONTACT

PEGASI – IT Recruitment Consultancy | Email: recruit@pegasi.com.vn | Tel: +84 28 3622 8666
We are PEGASI – IT Recruitment Consultancy in Vietnam. If you are looking for a new opportunity in your career path, kindly visit our website www.pegasi.com.vn for your reference. Thank you!

Job Summary

Company Type: Product
Technical Skills: Security
Location: Ho Chi Minh - Viet Nam
Working Policy: Onsite
Salary: Negotiation
Job ID: J02144
Status: Active
