Duties & Responsibilities
- Understand the Bank’s requirement and environment and then designs and develops the overall Identity & Access Management Governance and Regulatory Framework which follows the best practice frameworks of local regulatory or international.
- To develop and maintain technical of access control policies, manuals, guidelines in order to promote compliance in line with regulator/corporate policies and local procedures and legal and international security standards (e.g. NBC Technology Risk Guideline, NIST framework and ISO27001 etc.).
- Establishes, advises, and coordinates user’s Identity & Access Management compliance framework with IT relevant teams.
- Develops and implements Identity & Access Management Standards in line with internal policies and global frameworks by working with and managing senior stakeholders.
- Identifies roles for staff, processes, and technologies required for trusted identification, authentication, and authorization within the Trusted Identity systems.
- Study and consider to on-board the system solution tool for Privileged Access Management.
- Defining the user role access matrix and quarterly review for compliance report.
- Enabling the user activity logs or audit trail and monthly reviewing for compliance report.
- Improving the IT service of user request for creating user account on the system.
- Periodically reviewing report for the active user, in-active user, staff resign/movement, staff prolong leave, officer in-charge (OiC), new staff join, terminated staff, and user request.
- Defining dual control password for super ID account of the WBC’ systems.
- Develop and lead training and awareness sessions with the relevant IT Teams to promote a culture of security, privacy and advice business and sector leads to understand how Identity & Access Management requirements affect their area.
- Induction the Identity and Access management policies, manuals and guidelines to new on-board IT staffs in order to aware them of their responsibilities.
- Monitor and maintain the corrective practical of user creation, deletion, modification request and approve.
- Review and analyze new products and services, including online and mobile applications, to meet Identity & Access Management requirements.
- Provide the supporting the required documents from HQ, internal and external audit, SWIFT, PCI-DSS, NBC, etc.
- Implementation of the finding points for improving the IT Security controls based on the findings recommendation.
- Update report properly about the status of the finding implementation to the IT management.
- Raise or propose for any concerns the missing controls to the IT Management for further action.
- Develop the team’s expertise and professionalism.
- Build self-capacity through on-going learning and development.
- Ensure on time implementation of PDM performance development, coaching and annual appraisal.
- Build and maintain relationship with staff, supervisors and other stakeholders.
- Relevant IT qualification to Computer Science or Information Technology.
- At least 4 years of information security experiences or IT audit.
- Proven experience of developing, submitting IT audit, and compliance report to governing bodies, legal and/or external authorities.
- Experience with common information security management frameworks, such as International Standards Organisation (ISO) 27001, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks.
- Proven experience in the implementation and monitoring of service performance KPIs, performance metrics, service standards and agreements.
- Experience of implementing and managing PCI-DSS compliance.
- Demonstrated ability to apply IT-related knowledge and experience in solving compliance issues.
- Demonstrate experience of designing, developing and implementing information security policies within an overall Information Management strategy.
- Effective interpersonal and communication skills, both written and verbal, and the ability to explain complex issues relating to information security at a variety of levels to technical and non-technical audiences.
We offer competitive remuneration package and opportunity for career and personal development.
How to Apply
Phone: 087 666 870
Head Office Address: Building #398, Preah Monivong Blvd, Sangkat Boeung Keng Kang I, Boeung Keng Kang, Phnom Penh.