Cybersecurity Program Lead

Introduction

Con Cung is the biggest omni-channel company for mom & baby with 600 retail stores in Vietnam in 2021 and plan to have 1,000 stores by 2023 with 1 billion USD revenue. Con Cung's annual growth rate is more than 70%. With the vision of providing good quality products for children, Con Cung is strongly investing into Product Research and Development in order to manufacture and provide products that are suitable to the local market in terms of pricing and quality. We also invest into technology in order to manage the network and online channel efficiently.

Con Cung Corporation also develops in-house cutting-edge automation and intelligence technologies. We are seeking for young, smart & dynamic talents to grow your career together with us.

Job Description

Job Summary

The Cybersecurity Program Lead is responsible for developing, implementing, and managing the organization's cybersecurity strategy, ensuring alignment with business objectives. This role involves working closely with senior leadership, department heads, and key stakeholders to enhance security posture, integrate cybersecurity measures into business processes, and drive compliance with industry standards. The Cybersecurity Program Lead will oversee security program governance, risk management, compliance, and continuous improvement while demonstrating security investment ROI to the Board of Directors.

Key Responsibilities

Security Roadmap & Strategic Alignment

-   Assist departments in developing and executing security roadmaps aligned with corporate cybersecurity strategy.

-   Engage with senior business stakeholders to align security initiatives with business goals and obtain buy-in.

-   Identify security gaps across ICT and OT environments and define action plans to mitigate risks.

-   Ensure alignment with industry standards such as NIST CSF, ISO 27001, OWASP SAMM, and IEC 62443.

Security Program Implementation & Governance

-   Oversee the development, implementation, and maintenance of security policies, standards, and controls.

-   Conduct security reviews, audits, and compliance assessments to ensure adherence to internal frameworks and external regulations.

-   Drive continuous security posture improvements, ensuring adaptability to evolving threats.

Business Engagement & Stakeholder Management

-   Act as a liaison between security and business units, ensuring alignment between security strategies and business operations.

-   Develop and present security insights, risk reports, and business cases to executives and stakeholders.

-   Collaborate with IT, compliance, and legal teams to ensure cross-functional integration of security measures.

Emerging Threats & Continuous Improvement

-   Stay ahead of emerging cyber threats, trends, and security technologies.

-   Recommend and drive the adoption of advanced security solutions, including Zero Trust Architecture, endpoint protection, network segmentation, and cloud security controls.

-   Lead penetration testing, red team/blue team exercises, and threat intelligence initiatives.

Cybersecurity Operations & Incident Response

-   Oversee Security Operations Center (SOC) activities, ensuring proactive monitoring of threats.

-   Implement and refine incident response and crisis management plans.

-   Conduct tabletop exercises and real-world incident simulations to improve preparedness.

Compliance & Certification Management

-   Drive ISO 27001 certification efforts and oversee periodic audits.

-   Ensure compliance with regulatory requirements, including GDPR, PCI-DSS, NIS2, and IEC 62443.

-   Manage third-party security assessments and vendor risk management programs.

Job Requirements

-   5 years or more experience in cyber security, either in a similar role or as a consultant.

-   Knowledge of international standards and frameworks with regards to information and cyber security such as the ISO 27000 series and NIST Cybersecurity Framework.

-   Knowledge of security processes, technologies and architecture

-   Proven experience in program/project management methodologies and best practices

-   The capability to translate information security risks and requirements in business language.

-   A pro-active attitude & the ability to think outside of the box

-   Works in an organised, structural manner

-   Can do attitude, get’s things done

-   Excellent communication skills with diverse audiences

-   Strong critical thinking and analytical skills

-   Demonstrated ability to identify risks associated with business processes, operations, information security programs and technology projects

Benefit

-   Annual bonus: 2 - 3 months under minimum KPI requirement

-   Fast promotion opportunities based on personal ability

-   Work in a dynamic, open, creative environment

-   Regular training, company team building, birthday bonus

About Concung.com

-   Working time: 8:30 - 17:30 Monday - Friday

-   Working place: 14th Floor, Phu My Hung Tower, Tan Phu Ward, Dist. 7, HCMC