Director, Information Security
Date:
Jul 17, 2026
Location:
Viet Nam
Office Location:
Ho Chi Minh City, Vietnam
Scope & Dimension
- Overall responsibility for Information Security governance, Cyber Security, Technology Risk, and Technology Controls across Vietnam Branches.
- Manage the Information Security team, including staff development, performance, and resource planning.
- Oversee Information Security policies, controls, risk management, regulatory compliance, and audit activities.
- Lead local and regional Information Security initiatives and provide regular management reporting on security risks, incidents, controls, and remediation progress.
- Address the regulatory requirements on Information security matters.
- Develop and maintain branch cybersecurity strategy, roadmap, security metrics, and Key Risk Indicators (KRIs).
- Collaborate with Regional Information Security and act as the branch lead to coordinate and drive implementation of regional and global cybersecurity initiatives, standards, tools, and programs
Key Responsibilities
a. Information Security Governance & Compliance
- Establish and maintain Information Security policies, standards, procedures, and governance frameworks.
- Ensure compliance with applicable regulations, Head Office requirements, and regional standards.
- Lead regulatory impact assessments, compliance gap analyses, remediation plans, and regulatory reporting.
- Promote security awareness and foster a strong security culture across Vietnam Branches.
- Identify process/capabilities gaps and inefficiencies within IT and IS frameworks; recommend and implement pragmatic improvements to enhance security posture and risk management
b. Technology Risk & Control Management
- Provide effective first-line challenge (1LOD) on risk identification, prioritisation, and remediation, and deliver risk opinions and recommendations to management and second line of defence (2LOD).
- Support 2LOD in strengthening risk governance practices, including the development of Key Risk Indicators (KRIs), enhancement of the Technology Risk Management framework, and ongoing monitoring and reporting.
- Oversee Technology and Security GRC activities across APAC entities, including consolidation of risk reporting, support for internal and external audits, and review of risk acceptance requests.
- Provide security and risk advisory support for business initiatives, technology projects, risk acceptances, and third-party engagements.
- Ensure effective implementation and monitoring of key security controls, including access management, privileged ID controls, security reviews, vulnerability management, and operational control testing.
- Monitor control remediation activities and report risk and control status to management.
c. Cyber Security Operations
- Lead cyber security programmes, security monitoring, cyber resilience initiatives, and incident management.
- Oversee threat monitoring, security investigations, cyber exercises, and incident escalation processes.
- Drive continuous enhancement of cyber defence capabilities and deployment of security technologies and tools.
d. Audit, Stakeholder & Strategic Project Management
- Serve as the primary liaison for Information Security audits, regulatory examinations, and regional reviews.
- Coordinate audit responses, remediation tracking, and closure of findings.
- Partner with regional teams, Head Office, business units, and external stakeholders to implement security standards and initiatives.
- Lead and support strategic Information Security projects and regional standardisation programmes.
Hiring requirements
Education & Certifications
- Bachelor's degree or higher in Information Security, Cyber Security, IT, Computer Science, or related fields.
- Knowledge of data protection and privacy regulations is an advantage.
Experience
- 10+ years of experience in Information Security, Cyber Security, IT Risk, or IT Governance.
- 5+ years of leadership or people management experience.
- Experience in banking, financial services, or other regulated industries.
- Hands-on experience in audits, regulatory compliance, and security risk management.
Competencies
- Strong knowledge of Information Security governance, cyber security, and technology risk management.
- Experience with access management, security monitoring, vulnerability management, and incident response.
- Understanding of IT controls, outsourcing risk, and regulatory requirements.
- Ability to lead security transformation and compliance initiatives.
- Strong leadership, stakeholder management, and team development skills.
- Ability to work effectively with management, regulators, auditors, and regional teams.
Preferrable
- Experience in a foreign bank, multinational financial institution, or regional environment.
Proven ability to build and lead an Information Security function