Back to search
Timo Digital Bank by BVBank Linkedin · Posted 15d ago

Senior IT GRC

Ho Chi Minh City

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

About Timo


Launched in 2015, Timo pioneered digital banking in Vietnam with a mission to make banking faster, simpler, and more accessible.

Today, as part of one of Southeast Asia’s leading digital financial services platforms, Timo is building secure, scalable, and customer-first digital banking experiences for millions of users across Vietnam.

We are looking for curious minds and driven talents from fintech, digital banking, and technology companies who are excited to move fast, build meaningful products, and help shape the future of banking in Vietnam.


About the Role


We are looking for a Senior IT GRC to assist in driving a robust Governance, Risk, and Compliance framework across Timo and Kredivo Group.

In this role, you will operate at the intersection of security governance, risk mitigation, and regulatory alignment. You will be responsible for promoting our information security framework, ensuring all products, systems, and third-party partnerships meet the highest international and local security regulations. Working closely with Timo's IT, engineering, and business stakeholders, you will drive systemic security resilience, conduct critical audits, and establish continuous feedback loops to protect Timo's digital banking platform and its customers.

You will report to the Infosec Lead.


What You Will Do

  • Regulatory Compliance Management: Continuous monitoring and compliance maintenance with rigid Vietnamese Banking and Personal Data Protection regulations.
  • Audit & Assessment Coordination: Lead, coordinate, and respond to at least annual cycles of strict internal and external audits—including regulatory inspections and critical compliance assessments.
  • Governance & Policy Monitoring: Conducting regular policy compliance monitoring, internal control reviews, and governance structural updates across entities; continuously updating and refining internal policies, procedures, and standards to ensure strict regulatory compliance.
  • International Standards Maintenance: Prepare evidence and drive annual assessments to maintain the PCI DSS Level 1 Standard certification.
  • Identity & Access Governance: Leading the comprehensive User Access Review (UAR) program applications across internal and external core systems.
  • Third-Party Risk Management (TPRM): Conducting comprehensive risk assessments and mitigation plans for all vendors and third-party partners.
  • Security Culture: Driving and planning security awareness training across all business, technical units.


What We Are Looking For


Experience

  • 3+ years of hands-on experience directly related to IT Security Governance, Risk, and Compliance (GRC).
  • Proven track record of participating in or leading the implementation and assessment of international governance frameworks (PCI-DSS, ISO-27001).
  • Experience operating in highly regulated, production-scale environments (Fintech, Banking, or Digital Services).
  • Comfortable collaborating with cross-functional stakeholders, software engineers, and external third-party entities.


Skills & Expertise

  • Frameworks & Methodologies: Deep, practical knowledge of GRC frameworks, security audit methodologies.
  • Security Controls Familiarity: Strong fundamental knowledge of network security, IAM (Identity and Access Management), and enterprise security tools (Antivirus, Firewalls, SIEM, IDS/IPS, Cloud Security) to effectively review system configurations and access controls.
  • Vendor Risk Assessment: Strong capabilities in defining, evaluating, and managing third-party security baselines.
  • Professional Working English: Regular collaboration with Kredivo's regional Team and Timo's local teams.


Attributes

  • Highly Responsible & Proactive: You don't wait for compliance gaps to be found; you actively collaborate to strengthen defenses.
  • Pragmatic Communicator: You can translate complex security regulations and risk metrics into actionable steps for engineers and business leaders alike.
  • Analytical & Structured: Exceptional attention to detail when conducting system-access audits and reviewing security policies.


Bonus Points

  • Possession of professional security/auditing certifications: CRISC, CISA, CISM, CISSP, CGRC or equivalent.
  • Prior experience navigating SBV (State Bank of Vietnam) and MPS regulatory requirements for digital banking.
  • Experience in Cloud Environments and automated GRC workflows.


Why Join Us

  • Help defend and govern one of Vietnam's leading digital banks and the customers who trust it.
  • Work as part of Kredivo Group's regional security team (Vietnam, Indonesia, Singapore).
  • Hands-on GRC and security resilience work across a real, large-scale fintech environment.
  • Hybrid model: 4 days HCMC office, 1 day work from home.


Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent