Senior IT Security Officer (mảng Architecture)

1. Risk Assessment & Mitigation: Conduct security risk assessments for new and existing systems, identify vulnerabilities, and recommend mitigation strategies.
2. Technology Evaluation: Assess emerging technologies and security tools to enhance the organization’s security posture and recommend adoption where appropriate.
3. Compliance & Governance: Ensure adherence to regulatory requirements, industry standards (ISO 27001, PCI DSS, GDPR etc.), and internal security policies.
4. Data Protection & Privacy: Design and implement controls to safeguard Personally Identifiable Information (PII), sensitive data, and ensure compliance with data protection laws (e.g., GDPR, local regulations).
5. Collaboration & Advisory: Work closely with IT teams, project managers, and business units to integrate security controls into solution designs and development lifecycles.
6. Security Implementation: Implement security systems, server systems (Windows, Linux), databases, network infrastructure, and cloud environments; Review and optimize security configurations on servers, network devices, security appliances, storage systems...
7. Security Operations: Operate and maintain critical security systems such as WAF, IPS/IDS, Vulnerability Management...
8. Incident Response: Support: Provide architectural guidance during security incidents and assist in root cause analysis and remediation planning.
9. Documentation & Reporting: Maintain detailed documentation of security architecture, policies, and procedures; prepare reports for management and stakeholders.
10. Continuous Improvement: Stay updated on cybersecurity trends, threats, and best practices to proactively strengthen security frameworks.
11. Provide training and enhance cybersecurity awareness within the organization.
12. Research, propose, and implement new security technologies to improve security assessment and protection of IT systems.
13. Perform other tasks as assigned by manager.

1. Education: Bachelor's degree in Information Security, Cybersecurity, Cryptography, IT, Telecommunications, Computer Science, or related fields.
2. Technical Knowledge:
- Proficiency in at least one programming language (PHP, Python, C/C++, Java) and understanding of Software - Development Life Cycle (SDLC).
- Strong knowledge of network security, cloud security, encryption, identity management, and secure software development practices.
3. Skills:
- Documentation and report writing skills.
- Effective communication and presentation skills.
- Analytical and problem-solving abilities.
- Risk management skills.
4. Experience:
- Minimum of 3 years of experience in IT security, including security architecture or related cybersecurity roles.
- Identifying and assessing vulnerabilities in IT systems.
- Security standards such as PCI DSS, OWASP, and cybersecurity attack techniques.
- Reviewing security requirements in BRD and business processes before system development.
5. Preferred Qualifications: Security certifications such as CEH, CISSP, CISM, SABSA... preferred..