Information Security Director/manager

ABOUT VINUNIVERSITYVinUniversity (VinUni: https://vinuni.edu.vn/) is the first private, not-for-profit Vietnamese university established based on international standards. The university integrates the models of excellent international universities with the unique cultural and economic characteristics of Vietnam, to make a breakthrough in Vietnamese higher education and to become a world-class university.VinUniversity has strategic collaborations with the world’s leading universities, including Cornell University and the University of Pennsylvania. These universities have become close advisors and crucial enablers in establishing the four colleges at VinUniversity: College of Arts and Sciences, College of Business and Management, College of Engineering and Computer Science, and College of Health Sciences. Every aspect of the University: its curricula, research, faculty, student body, facilities, and campus life, is being developed to meet the highest standards set by the world’s leading accrediting and ranking organizations, such as ABET, AACSB, Quacquarelli Symonds (QS) and Times Higher Education (THE).VinUniversity’s founding benefactor, Vingroup, is one of the biggest private conglomerates in Asia with the largest market capitalization value in Vietnam. As a multisector corporation, Vingroup focuses on three main areas: Technology; Industry; and Property Services. VinUniversity is proud to be a part of the Vingroup ecosystem, giving its students opportunities to connect with several high-quality research institutes (such as VinAI, and VinBigData), pioneering industrial enterprises (such as VinFast), and leading Vietnamese companies (such as Vinpearl, Vinmec, and Vinhomes).THE OPPOTURNITYThe Information Security Director/Manager is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The DIRECTOR will lead the Information Security function, working closely with other senior executives, IT team members, and external stakeholders to manage and mitigate security risks. POSITION RESPONSIBILITIES REPORT TO: Board of Management1. Strategy & Planning:- Develop and implement a comprehensive information security strategy and program.- Establish security policies, procedures, and standards to protect company assets.- Lead risk assessment and management processes, including threat modeling and vulnerability assessments.2. Leadership & Management:- Manage a high-performing information security function.- Provide guidance and mentorship to IT members and stakeholders.- Coordinate with other departments to ensure alignment with security policies and objectives.- VinUniversity is an academic environment that requires collaboration and involvement with students on projects or courses related to information security.3. Compliance & Governance:- Ensure compliance with relevant laws, regulations, and industry standards (e.g., GDPR, HIPAA, PCI-DSS).- Oversee the development and implementation of information security policies and procedures.- Conduct regular audits and assessments to ensure ongoing compliance.4. Incident Response & Management:- Develop and oversee incident response planning and execution.- Lead the response to security breaches and incidents, including forensic analysis and remediation.- Communicate with relevant stakeholders during incidents, including executive management and, when necessary, external parties.5. Education & Awareness:- Promote security awareness across the organization.- Develop and deliver training programs to educate employees on security best practices and policies.6. Technical Oversight:- Stay abreast of the latest security technologies, threats, and trends.- Oversee the implementation and management of security technologies and solutions (e.g., firewalls, intrusion detection/prevention systems, endpoint protection).7. Vendor Management:- Manage relationships with external vendors and service providers.- Assess and select security vendors to ensure they meet the company‘s security requirements.- Negotiate contracts and service level agreements to maximize value and security benefits.- Oversee vendor performance and ensure compliance with contractual obligations.