Security Leader/Manager

Mô tả công việc

The Security Manager is responsible for building and leading beGroup’s security function. This role owns the overall security strategy, governance, and roadmap, and manages the SecOps and AppSec engineers to ensure that security enables fast, safe product delivery rather than blocking it.

1. Security Strategy & Governance

• Define and maintain the security vision, roadmap, and priorities aligned with business goals.
• Establish and maintain security policies, standards, and guidelines (identity, access, engineering, incident, vendor).
• Own the risk register: identify, assess, track, and communicate key risks, mitigations, and risk acceptances (with expiry).
• Support audits and regulatory requirements (e.g., Vietnamese PDPD, payments/compliance standards as applicable).

2. Team Leadership & Operating Model

• Lead and mentor the SecOps and Application Security engineers; define clear responsibilities and success metrics.
• Design and continuously improve the security operating model (how security works with Engineering, Product, SRE, IT, Data, Finance).
• Plan headcount, hiring, onboarding, and performance reviews for the security team.

3. Identity, Access & Production Guardrails

• Oversee identity and access governance across cloud platforms and key systems (SSO, MFA, admin access, privileged accounts).
• Define and enforce principles for least-privilege and segregation of duties for production and sensitive environments.
• Ensure regular access reviews are run and tracked by the right owners (Security, IT, Engineering).

4. SecOps & Incident Management (Oversight)

• Own the incident management framework: severity levels, roles, communication, and post-incident reviews.
• Ensure the SecOps engineer designs and operates effective monitoring, detection, and incident response.
• Report material incidents and long-term corrective actions to the Engineering Director and leadership.

5. Application Security & SDLC (Oversight)

• Define the AppSec program: secure SDLC, minimum controls, CI/CD security gates, and review processes.
• Ensure the AppSec engineer delivers and maintains SAST, SCA, DAST, secrets scanning, and secure coding guidelines.
• Drive developer enablement (training, simple guidelines, self-service tools) rather than manual security bottlenecks.

6. Stakeholder Management & Communication

• Act as the single point of contact for security for executives and key stakeholders.
• Communicate security risks, trade-offs, and decisions in clear business language (not only technical terms).
• Partner with Product, Engineering, SRE, Data, Legal, and Compliance to ensure security enables business speed, not slows it down.

Yêu cầu công việc

Education & Experience

• 7–10+ years of experience in Information Security, AppSec, SecOps, or related fields.
• 3+ years of experience in leading or managing security or technical teams.
• Proven experience in building or maturing a security program in a low- or mid-maturity environment (0→1 or 1→N).
• Experience working closely with product engineering teams in a fast-paced, cloud-native environment.

Skills & Competencies

• Solid understanding of both SecOps (IR, detection, logging, EDR, cloud security) and AppSec (SDLC, CI/CD, code scanning).
• Good grasp of risk frameworks and security standards (e.g., ISO 27001, NIST, CIS Benchmarks, OWASP).
• Strong stakeholder management and communication; able to translate technical risk into business language.
• Ability to prioritize and make pragmatic decisions under constraints (time, budget, people).

Phúc lợi

• 13th salary
• Social Insurance
• Medical healthcare
• Annual health check
• 15 days annual leave
• Transportation and flight ticket fee (BE’s services)
• Performance bonus
• Holiday bonus
• Team Building and many engagement activities