Manager, IT Security and Compliance

• To develop and maintain technical policies and standards and promote compliance in line with regulator/corporate policies and local procedures and legal and international security standards (e.g. NBC Technology Risk Guideline, NIST framework and ISO27001 etc.).
• Identify the associated IT compliance control gaps and oversee the documentation, implementation and testing of the entire IT compliance control portfolio.
• Assist the end-user, other IT professionals, and external customers in requesting security variances and implementation of subsequent configuration change requests.
• Maintains system documentation and configuration data for regulatory and audit purposes.
• Develop and maintain documentation for security systems, procedures and security diagrams.
• Coach and guide Service Desk and Desk Side Support technicians in their incident response, directing incident first responder actions, and appropriately escalating issues.
• Support information security architectural requirements.
• Ensure all IT systems and processes are complied with IT policy/procedure and well documented.
• Conduct regularly security check on LAN/WAN of IT Infrastructure and IT Applications System for HO and Branch Offices.
• Lead, motivate and train IT team and guarantee their level of knowledge and expertise.
• Perform IT security training to end users.
• Participate in IT risk assessment identification and explore and implement mitigation solutions.
• Cyber risk assessment and compliance.
• Work closely with the various cross-functional teams to establish, formulate, and monitor the security policies, manual and guidelines in line with WBC’s organization’s cyber security directions.
• Check and collect backup log to ensure the backup job has been done and report to relevant staffs to take an immediate action in case of failure.
• Monthly security checks in Data Center and DR site.
• Regularly scan and report for unauthorized access in systems.
• Enforce the proper implementation of IT Security in order to comply with IT Security policy and procedure.
• Perform other tasks as assigned by supervisor.

• Relevant IT qualification to Computer Science or Information Technology.
• At least 4 years of information security experiences or IT audit.
• Proven experience of developing, submitting IT audit, and compliance report to governing bodies, legal and/or external authorities.
• Experience with common information security management frameworks, such as International Standards Organisation (ISO) 27001, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks.
• Proven experience in the implementation and monitoring of service performance KPIs, performance metrics, service standards and agreements.
• Experience of implementing and managing PCI-DSS compliance.
• Demonstrated ability to apply IT-related knowledge and experience in solving compliance issues.
• Demonstrate experience of designing, developing and implementing information security policies within an overall Information Management strategy.
• Effective interpersonal and communication skills, both written and verbal, and the ability to explain complex issues relating to information security at a variety of levels to technical and non-technical audiences.

Phone: 087 666 870

Head Office Address: Building #398, Preah Monivong Blvd, Sangkat Boeung Keng Kang I, Boeung Keng Kang, Phnom Penh.