IT Security Analyst

General description

Established in 2004 and licensed by the Vietnamese Government, Vietnam Australia International School (VAS) is a private school group with the national education system offering K-12 education programmes. At present, VAS is offering educational services to nearly 8,000 students from K through 12 at 6 campuses in Ho Chi Minh City.

About this job

The IT Security Analyst will be responsible for securing the XCL school’s digital infrastructure, safeguarding sensitive parent, student and staff information, and mitigating cyber threats. This role ensures compliance with cybersecurity standards, manages network security, and enhances overall cybersecurity awareness within the institution.

Scope of the role

- Manage, monitor, and immediately and accurately alert and remediate IT security incidents.

- Cooperate with Procurement, Accounting, Finance team, and Suppliers for the IT Security control implementation projects, following the purchasing process and policy to ensure that the projects are finished on time.

- Regularly conduct security vulnerability, scanning and report the security findings to the management. Follow up to ensure the security findings are mitigated on time.

- Develop, review, and support the implementation of information security policies, standards, and procedures

- Complete other tasks assigned by Management on time.

Key Responsibilities

Security Solutions Implementation and Management

- Design, propose, and implement security solutions such as SIEM, SOAR and Vulnerabilities Management to enhance XCL 's cybersecurity posture.

- Support and manage security devices, including NGFW and WAF, ensuring the security of XCL IT systems and users

- Administer and optimize SIEM for security monitoring and incident detection.

- Configure and manage M365 security features, including Defender for Endpoint, Defender for Identity, and other M365 security components.

- Conduct Proof of Concept (PoC) evaluations for new security solutions and recommend improvements.

Security Policies, Procedures, and Compliance

- Develop, review, and support the implementation of information security policies, standards, and procedures.

Threat Monitoring and Incident Response

- Implement and oversee security monitoring systems to detect, analyze, and respond to security incidents.

- Investigate and mitigate security threats, unauthorized access attempts, and data leaks, ensuring timely incident resolution.

- Provide alerts and reports to relevant departments and management on security threats and incidents.

Vulnerability Management and Risk Assessment

- Conduct regular security vulnerability scanning of applications, servers, and network devices.

- Utilize vulnerability management tools to track, analyze, and remediate security gaps within XCL's IT infrastructure.

- Develop mitigation plans and collaborate with IT teams to address identified vulnerabilities within required timelines.

- Participate in security assessments and provide risk evaluation reports.

Collaboration with Schools Across Southeast Asia

- Support and coordinate IT security initiatives with schools in different Southeast Asian countries.

- Share best practices and ensure alignment in security policies and procedures across the region.

- Assist in regional security projects and compliance efforts.

Research and Innovation

- Research and test new security technologies and methodologies to enhance the company's cybersecurity framework.

- Stay updated with the latest security trends, threats, and regulatory requirements

Internal contacts

IT Team

Legal Team, Academic Team, Admission Team…

External contacts

Microsoft, other vendors

Additional duties

Perform other tasks as assigned by management.

The above Job Description and following Person Specification is a guide to the duties, professional responsibilities and core competences. It does not form part of the contract of employment.

KNOWLEDGE

- Qualification : Associate / Bachelor's degree in IT

- English skills : Good at English skills (writing & speaking)

- Others: Security+ or CEH, MS-500, or equivalent are preferred.

EXPERIENCE

- Experience: : At least 3 years working in IT Security.

SKILLS

- Strong knowledge of M365 security products, Microsoft Sentinel, SIEM, NGFW, WAF, and other security technologies.

- Hands-on experience with vulnerability scanning tools and incident response procedures.

- Familiarity with security frameworks and standards such as ISO 27001, NIST, and CIS.

- Excellent analytical, problem-solving, and communication skills.

PERSONAL QUALITIES

- High responsibility and enthusiasm

- Discipline compliance

- Supportive mindset

Benefits

- Compulsory Insurance (HI, SI, UI) and Personal Tax are covered by VAS.

- 13th monthly salary and KPIs bonus

- Lunch at school, Tet gift, ….

- Staff will get 50% discount of tuition for 2 children (other fees such as meal fee, school bus fee, expenses for textbooks, uniforms, extra curricula activities, entrance test fee,… are still applied as stipulated)

- Annual Company trip, Team building..

- Working in professional environment