IT GRC Analyst Associate

ACCOUNTABILITIES

1. GRC Security

• Security policies review and supporting procedures/ processes follow cybersecurity framework or adherence to standards
• Work closely with IT teams or other departments to implement controls on security practices
• Internal and external audits
• Assist with operating IT Risk assessments (organizational, business process, third party, etc.)
• Co-operate security assessments (application, vulnerability, audit)
• Coordinate written responses from customers and prospects on Information Security controls and regulatory compliance
• Develop security compliance or routine reports
• Assist in investigative and remediation efforts in case of security and compliance breaches
• Promote security awareness and cultivate employees’ adherence to information security practices

2. Data Privacy

• Serve as the main point of contact within the organization for staff members, regulators, and relevant public authorities on issues related to data protection.
• Ensure that company policies are following codes of practice of Decree 13/2023 – Personal Data Protection.
• Evaluate the existing data protection framework to identify areas of no or partial compliance and rectify any issues.
• Devise training plans and provide data protection advice to staff members.
• Inform and advise the data controller or data processor on all matters related to data protection.
• Draft new and amend existing internal data protection policies, guidelines, and procedures, in consultation with key stakeholders.

QUALIFICATION & Person specification

Qualification

• Bachelor’s degree in IT, Management, Business Administration, Finance & Accounting, Law or related field
• 01 years of experience in IT Security, IT Risk Management, Compliance, or related field

Abilities/Skills:

Knowledge, skills and experience:

• Knowledge of information security risk management frameworks and compliance practices
• Ability to develop security standards and guidelines based on best practices and industry standards.
• Knowledge of common security standards and regulations relating to information security frameworks (NIST, CIS, ISO2700x, etc.)
• Knowledge of current and upcoming data privacy and cybersecurity laws in Vietnam.

Soft-skills and attributes:

• Ability to maintain a high level of discretion and confidentiality.
• Ability to work independently, proactively under high pressure with good problem-solving skills.
• Ability to interact with all levels.
• Be proactive, initiative, flexible, conscientious, responsible, honest and prudent.
• Hard-working and ready to work in pressure environment to meet deadline.
• Good verbal and written communication skills in both English and Vietnamese
• Good presentation skills
• Good teamwork skills