Principal Security Architect

Job Description:

• Design & Implementation: Design and assist in the implementation of network and computer security. Maintain and enforce security standards, blueprints, and patterns.
• Risk Management: Liaise with business and IT stakeholders to clearly communicate and treat risks, ensuring compliance with security standards.
• Project Involvement: Review IT Security feedback on business cases, participate in solution design discussions, and ensure high-level designs address security risks.
• Security Requirements: Create and maintain security architecture requirements, standards, blueprints, and patterns. Review and approve low-level design documentation.
• Testing & Verification: Facilitate penetration testing activities, ensure proper scoping and communication of results, and verify that security activities meet requirements.
• Change Management: Serve as a key member of the Change Advisory Board, ensuring compliance with security standards during changes and emergency implementations.
• Collaboration: Collaborate with Cybersecurity stakeholders (e.g., Cyber Risk Management, Security Engineering) to ensure timely and high-quality execution of security activities.
• Leadership & Strategy: Contribute to the Information Security strategy, provide education and awareness on security standards, and support Mergers, Acquisitions, and Divestment (MAD) activities.
• Compliance: Ensure adherence to Information Security policies and standards, author/review such policies annually, and manage complex integration issues across multiple vendors..

Required skills/Experience:

Technical Expertise:

• Proficiency in frameworks such as TOGAF and/or SABSA.
• Strong understanding of NIST Cybersecurity Framework, NIST Secure Software Development Framework, and threat modeling frameworks (e.g., STRIDE).
• Advanced knowledge of encryption protocols, network security, mobile security, and cloud architecture.
• Strong understanding of layered security and application layer vulnerabilities.

Experience:

• At least 7-10 years in a security-related role, preferably in a regulated environment.
• Significant experience with risk management methodologies and managing an Information Security Management System (ISMS).
• Experience in presenting security topics at conferences.
• Proven problem-solving skills and the ability to work within a multidisciplinary team.

Certifications:

• Relevant certifications such as (ISC)² CISSP, ISACA CISM/CISA/CRISC, SANS GIAC, ISO27k LA/LI.

Soft Skills:

• Strong communication and report-writing skills, with the ability to relate technical issues to non-technical associates.
• Proven ability to drive high security standards across an organization.
• Ability to maintain composure under pressure and work calmly during emergencies.
• Strong vendor management experience.

Knowledge:

• Familiarity with laws, regulations, industry standards, and guidance related to Data Protection and Information Security.

Additional Skills:

• Solid awareness of the current threat landscape and modern solution architectures, incorporating zero-trust principles.
• Knowledge of operating systems (Windows, Unix, Mac OS) and cloud service provider technologies.

Language: 

• English proficiency is required.

Years of experiences: At least 7-10

Working Location: District 12 or Phú Nhuận District

Benefits/ Opportunity:

• Working in an international, dynamic and professional environment with many opportunities to develop career.
• Having opportunities of being trained oversea and working directly with oversea customer
• A stable and rewarding position where your long-term commitment will be highly valued.
• Technical & Soft skills internal training courses
• Many company activities (Sport and music festival, TMA Futsal league …) are held annually.
• Competitive salary and bonus.
• Total Health Care Insurance
• Loan Fund
• Team Building Fund