Information Security Governance, Risk, and Compliance

Job No: GRC_HN_1122

Job type: Full time

Location: Hanoi

Categories: Technology

Grant Thornton (Vietnam) Limited is an independent member firm of Grant Thornton International. We are a leading professional services organisation in Vietnam providing Audit, Tax, Advisory and Business Process Solution services. We have a professional team of 12 Partners and more than 300 professional staffs in offices located in Hanoi and Ho Chi Minh City.

In order to meet the demand of our growing practices, we are looking for a qualified candidate to fill in a position of Information Security Governance, Risk, and Compliance of our Hanoi office. Detailed tasks of and required qualifications for this position are as follows:


Essential Duties and Responsibilities

  • Implement security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that align and advance firm business objectives;
  • Evaluate risks and develop security standards, procedure, and control to manage risks;
  • Update security controls and provide support to all stakeholders on security controls covering internal assessments;
  • Document and report control failures and gap to stakeholders. Provide remediation guidance and prepare management reports to track remediation activities;
  • Define and document business process responsibilities and ownership of the controls. Schedule assessments and testing of effectiveness and efficiency of controls;
  • Strong understanding of security risk management frameworks standard such as ISO 27001, NIST 800-53, Business continuity;
  • Perform other related duties as assigned.


Required Qualifications/skills

  • BS in Computer Science or similar field;
  • Two years of applied work experience in cyber security programs, audits, assessments, risk, remediation, or cyber security compliance management;
  • Knowledge of applicable information security management, governance, and compliance principles, practices, laws, rules and regulations;
  • Skills in Information systems auditing, monitoring, controlling, and assessment process;
  • Effectively communicate technical issues to diverse audiences, both in writing and verbally;
  • Ability to maintain security documentation and manuals.
  • Have good written communication and report writing in English


Desired competencies:

  • Initiative: Demonstrate a thirst to understand how your role fits in and seeks opportunities to contribute beyond own role;
  • Adaptability: Shows agility and easily adjusts to changing work situations; and
  • Ownership: Takes responsibility for own actions and learns from experience.


Application Requirements:

  • Your application, resume must be in English;
  • Name your file with quoting reference (Application – GRC – Hanoi Office);
  • The total document file size must not exceed 2MB;
  • Deadline:10 Feb 2023
  • Application & CV to be sent to:

Applications for this position are now closed