1. Governance & Security Frameworks:

Develop, implement, and maintain information security policies, standards, and procedures in line with PCI-DSS, ISO 27001, NIST, and other industry best practices.
Ensure security governance is integrated into business processes, IT strategy, and operational workflows.

2. Risk Management:

Conduct cybersecurity risk assessments, identify vulnerabilities, and develop risk mitigation strategies.
Oversee Third-Party Risk Management (TPRM) by evaluating security risks from vendors, partners, and suppliers.
Collaborate with IT teams to monitor and enhance security controls, ensuring that critical business systems remain resilient against threats.
Support Business Continuity Planning (BCP) and Disaster Recovery (DR) strategies to ensure operational resilience.

3. Compliance & Regulatory Adherence

Ensure compliance with Vietnamese cybersecurity laws and international regulations (e.g. PCI-DSS, ISO 27001, Data Law, Decree 13…).
Work with internal and external auditors to manage IT security audits, compliance assessments, and security certifications.
Conduct security awareness training and promote a security-conscious culture across Be Group.

Bachelor’s degree in information security, Computer Science, Risk Management, or related fields.
3+ years of experience in GRC, cybersecurity, or IT risk management roles.
Hands-on experience with security compliance frameworks such as ISO 27001, NIST, PCI-DSS, GDPR, SOC 2, ...
Experience in conducting risk assessments, security audits, and compliance reviews.
Knowledge of Vietnamese cybersecurity regulations and data protection laws is a plus.

Strong understanding of IT security principles, risk management methodologies, and compliance frameworks.
Ability to interpret legal and regulatory requirements and translate them into actionable security policies.
Strong analytical, problem-solving, and project management skills.

Senior IT GRC Specialist

Application form