Associate Director, IT Security and Governance

​About FWD Vietnam

FWD Group is a pan-Asian life insurance business with more than 13 million customers across 10 markets, including some of the fastest-growing insurance markets in the world. The company was established in 2013 and is focused on changing the way people feel about insurance. FWD’s customer-led and digitally enabled approach aims to deliver innovative propositions, easy-to-understand products and a simpler insurance experience.

FWD Vietnam was established in 2016 and is a member of FWD Group. 

For more information, please visit www.fwd.com.vn

• Provide oversight and governance of IT risk and security policy requirements for FWD VN.
• Serves as the process owner and handles all the IT risk and security related issues of FWD VN
• Ensure IT operations and activities comply with IT security standards set by FWD Group
• Ensures also that IT risk and security implementation are in compliance with business strategies, organization policies and requirements

THE JOB:

• Ensuring relevant IT security processes and controls are implemented in FWD VN, which includes advisory and support for such activities.
• Interfacing with auditors and regulators in ensuring that IT audit and compliance programs are co-ordinated and managed.
• Conduct periodic security compliance checks (e.g. clean desk, security awareness briefings)
• Perform IT risk assessment for new or existing IT systems, including completion of annual penetration tests and security code reviews.
• Ensure that baseline security is in place, vulnerabilities scanning and patch management are carried out periodically as required
• Perform IT control reviews, e.g. firewall rules, logs, access rights reviews, etc.
• Ensure that IT security incidents are investigated, reported and associated risks being managed.
• Support IT teams to implement new or enhanced management/security and monitoring tools based on the directions given by Group IT.
• Ensure IT operation is still able to sustain and meet the business needs in case of any probable disaster.

THE PERSON:

• Excellent interpersonal and influential skills to enable the implementation of security program and MAS TRM compliance activities.
• Good communication skills with senior management, IT professionals and users.
• Good oral and written communication and presentation skills.
• Sound knowledge of Information Security management frameworks & best practices
• Having IT Disaster Recovery management related experience will be an advantage.
• Technical skills and hands-on experience on IT security related solutions (endpoint protection, vulnerability management, security hardening, firewalls, web application security scanning, etc.)