- To develop and maintain technical policies and standards and promote compliance in line with regulator/corporate policies and local procedures and legal and international security standards (e.g. NBC Technology Risk Guideline, NIST framework and ISO27001 etc.).
- Identify the associated IT compliance control gaps and oversee the documentation, implementation and testing of the entire IT compliance control portfolio.
- Assist the end-user, other IT professionals, and external customers in requesting security variances and implementation of subsequent configuration change requests.
- Maintains system documentation and configuration data for regulatory and audit purposes.
- Develop and maintain documentation for security systems, procedures and security diagrams.
- Coach and guide Service Desk and Desk Side Support technicians in their incident response, directing incident first responder actions, and appropriately escalating issues.
- Support information security architectural requirements.
- Ensure all IT systems and processes are complied with IT policy/procedure and well documented.
- Conduct regularly security check on LAN/WAN of IT Infrastructure and IT Applications System for HO and Branch Offices.
- Lead, motivate and train IT team and guarantee their level of knowledge and expertise.
- Perform IT security training to end users.
- Participate in IT risk assessment identification and explore and implement mitigation solutions.
- Cyber risk assessment and compliance.
- Work closely with the various cross-functional teams to establish, formulate, and monitor the security policies, manual and guidelines in line with WBC’s organization’s cyber security directions.
- Check and collect backup log to ensure the backup job has been done and report to relevant staffs to take an immediate action in case of failure.
- Monthly security checks in Data Center and DR site.
- Regularly scan and report for unauthorized access in systems.
- Enforce the proper implementation of IT Security in order to comply with IT Security policy and procedure.
- Perform other tasks as assigned by supervisor.
- Relevant IT qualification to Computer Science or Information Technology.
- At least 4 years of information security experiences or IT audit.
- Proven experience of developing, submitting IT audit, and compliance report to governing bodies, legal and/or external authorities.
- Experience with common information security management frameworks, such as International Standards Organisation (ISO) 27001, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks.
- Proven experience in the implementation and monitoring of service performance KPIs, performance metrics, service standards and agreements.
- Experience of implementing and managing PCI-DSS compliance.
- Demonstrated ability to apply IT-related knowledge and experience in solving compliance issues.
- Demonstrate experience of designing, developing and implementing information security policies within an overall Information Management strategy.
- Effective interpersonal and communication skills, both written and verbal, and the ability to explain complex issues relating to information security at a variety of levels to technical and non-technical audiences.
We offer competitive remuneration package and opportunity for career and personal development.
Phone: 087 666 870
Head Office Address: Building #398, Preah Monivong Blvd, Sangkat Boeung Keng Kang I, Boeung Keng Kang, Phnom Penh.