GRC Engineer

Attractive salary | Full-time | Application deadline: 31/12/2025

Introduction

Con Cung is the biggest omni-channel company for mom & baby, with 600 retail stores in Vietnam in 2021, and plans to have 1,000 stores by 2023 with 1 billion USD revenue. Con Cung's annual growth rate is more than 70%. With the vision of providing good-quality products for children, Con Cung is investing strongly in product research and development in order to manufacture and provide products that suit the local market in terms of pricing and quality. We also invest in technology in order to manage the network and online channel efficiently.

Con Cung Corporation also develops cutting-edge automation and intelligence technologies in-house. We are seeking young, smart and dynamic talents to grow their careers together with us.

Job Description

Job Summary

The company is seeking a GRC Engineer to build and formalize its Governance, Risk, and Compliance. This role will be responsible for designing security policies, managing risk assessments, driving compliance initiatives (ISO 27001, SOC 2 Type II), and strengthening privacy and physical security processes. The engineer will work closely with technical and business teams to ensure security requirements are embedded across all operations.


Key Responsibilities

1.  Risk Assessment & Management

-  Lead periodic information security risk assessments across systems, infrastructure, and business processes.

-  Maintain the company’s risk register and ensure timely remediation and risk treatment planning.

-  Collaborate with engineering, product, and business units to ensure risks are understood, prioritized, and addressed.

-  Develop metrics and dashboards for continuous monitoring of security risks.

2.  Security Awareness & Training

-  Design and deliver security awareness programs, including phishing simulations, annual training, and role-based education.

-  Evaluate training effectiveness and recommend improvements to strengthen security culture.

-  Work with HR to integrate security training into onboarding and staff development.

3.  Security Policy & Procedure Development

-  Develop, maintain, and improve security policies, standards, and procedures across all departments.

-  Ensure policies align with industry frameworks (NIST, ISO 27001) and regulatory requirements.

-  Support the rollout and enforcement of policies across teams and business units.

4.  Physical Security

-  Collaborate with facilities and operations teams to assess physical security across stores, warehouses, and offices.

-  Conduct risk assessments related to access control, surveillance, and asset protection.

-  Develop physical security guidelines and coordinate periodic audits.

5.  Data Protection & Privacy

-  Support the implementation and operation of data protection and privacy programs.

-  Assist in identifying and managing personal data risks, data flows, and data handling procedures.

-  Collaborate with legal and IT teams to support compliance with privacy regulations.

-  Participate in incident management related to data breaches and privacy risks.

6.  Certification & Compliance (ISO 27001, SOC 2 Type II)

-  Contribute to the preparation, implementation, and maintenance of certification projects (e.g., ISO 27001, SOC 2 Type II).

Job Requirements

-  1–3+ years of experience in governance, risk management, compliance, or cybersecurity.

-  Strong understanding of information security fundamentals, risk assessment methodologies, and compliance frameworks.

-  Experience with ISO 27001, SOC 2, or similar compliance programs.

-  Ability to write clear policies and communicate security concepts to both technical and non-technical audiences.

-  Good analytical, documentation, and project management skills.

-  Organized, detail-oriented working style with a proactive attitude.

Nice-to-have:

-  Experience in privacy programs (GDPR, local privacy laws).

-  Familiarity with business continuity planning, vendor risk management, or audit processes.

-  English communication.

-  Relevant certifications: ISO 27001 Lead Implementer/Lead Auditor, CRISC, CISA, Security+, or equivalent.

Benefits

-  Annual bonus: 2 - 3 months under minimum KPI requirement

-  Fast promotion opportunities based on personal ability

-  Work in a dynamic, open, creative environment

-  Regular training, company team building, birthday bonus

About Concung.com

-  Working time: 8:30 - 17:30 Monday - Friday

-  Working place: 5th Floor, Con Cưng Super Center, 09 Nguyen Trai Street, Ben Thanh Ward, Dist. 1, HCMC
