-To develop and maintain technical policies and standards and promote compliance in line with regulator/corporate policies and local procedures and legal and international security standards (e.g. NBC Technology Risk Guideline, NIST framework and ISO27001 etc.).
-To develop and maintain technical policies and standards and promote compliance in line with on ISO 27001:2022
-To lead, develop and maintain the implementation of PCI DSS and PIN Card Payment Security, and Data Security (Data Classification & Data Loss Prevention solution).
-SWIFT Customer Security Program.
-To develop and maintain IT governance and compliance policies.
-To ensure policies are up-to-date and aligned with regulatory requirements.
-To communicate policies to relevant stakeholders.
-To monitor adherence to policies and recommend updates as needed.
-To implement zero trust architecture (ZTA) by assessing zero trust maturity model (ZTMM) across five distinct pillars as Identity, Devices, Networks, Applications, and Workloads and Data.
-To work with internal and external auditors, Woori Bank HQ, and regulatory body.
-To work collaboratively with WBC compliance, internal auditing, risk management and work with various technical teams in the design and Implementation of audit, risk assessment and regulatory compliance practices.
-To establish, promote and aware for IT security awareness and training to foster an effective security culture within the Bank.
-To tailor IT Security Awareness training and deliver training programs to educate employees about compliance requirements and best practices.
-To establish of strategies for information protection, personal information protection, and credit information management and corporate data protection.
-To perform other tasks as assigned by supervisor.

-Relevant IT qualification to Computer Science or Information Technology.
-At least 4 years of information security experiences or IT audit.
-Proven experience of developing, submitting IT audit, and compliance report to governing bodies, legal and/or external authorities.
-Experience with common information security management frameworks, such as International Standards Organization (ISO) 27001, the IT
Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks.
-Proven experience in the implementation and monitoring of service performance KPIs, performance metrics, service standards and agreements.
-Experience of implementing and managing PCI-DSS compliance.
-Demonstrate experience of designing, developing and implementing information security policies within an overall Information Management strategy.
-Effective interpersonal and communication skills, both written and verbal, and the ability to explain complex issues relating to information security at a variety of levels to technical and non-technical audiences.