Khoa Cao

Experience

• 

  UMC

  Dec 2011 - Apr 2012

  Internship
• 

  RMIT University

  Apr 2012 - Jun 2012

  IT Support

  • IT Support

• 

  Gameloft Vietnam

  Jun 2012 - Jun 2014

  IT Technician

  • Monitoring Networking System• Writing the working process between the IT teams of the Company’s branches in• Vietnam, Checking the execution of the users of the Company’s Networking Policy• Audit and manage fixed assets, work with accountant regard planning buy/disposal ITdevices• Support end users via phone call, ticket system, etc.

• 

  Harveynash Vietnam

  Jun 2014 - Dec 2016

  Application Support Analyst

  • At Harveynash Vietnam I was trained a month at Australia regard maintenance SQL server, extract data and business application. •Highly skilled Application Support in Windows environment. Strong communication, analytical. Working under high pressure, on call 8 hours a day dealing with foreign client issues, requests• Troubleshoot and resolve applications issues escalated from client• Daily and Weekly tasks: Upgrading, Migrating SQL Database, Support applications.• Maintain system :Check Windows system health, SQL log for almost 100 servers, report direct to leader• Setup Windows server environment and SQL server whenever client request Show less

• 

  Dairy Farm Vietnam

  Feb 2017 - Jun 2021

  IT Compliance Manager

  * Report to Dairy Farm group:• Vendor security assessment for project• Review and support other countries/banners assessment, audit PCI DSS assessment for stores (payment card)• 3rd party audit Group internal audit Ad-hoc assessment• Training Information security awareness for stores, HQ• Build up security framework, IT governance• Manage DR plan• Experienced mitigating Ransomware incident globally* Daily Operations:• Detection and resolve suspicious activities• Generate and review audit report: log trail, RBAC, SOD, etc.• Patching server, workstation Perform vulnerability scan and mitigate, monitor servers, workstation threats Manage fixed assets• Administrating: O365 portal, Sophos, SentinelOne, firepower, Fortigate, etc. Show less

• 

  Wall Street English Vietnam - MSH Group

  Aug 2021 - Feb 2022

  IT Compliance Manager

  • Develop and implement the identification, assessment and mitigation of IT and information security risks• Develop the monitoring process, conduct review and implementation of information security controls• Liaise with internal audit, IT and business users on IT GRC and informationsecurity issues• Assisting the management of known information security vulnerabilities• Responsible for development, implementation of compliance review activities• Responsible for the development and implementation of information security awareness program• Maintain knowledge and expertise on latest IT GRC and information security trends. Show less

• 

  Gojek

  Feb 2022 - now

  Information Technology Compliance Lead ( Gopay )

  Regulatory Engagement• Fostered Strong Regulatory Relations: Engaged directly with regulators from the State Bank of Vietnam (SBV) to align on compliance and operational standards.• Executed Audits: Led continuous internal audits, PCI DSS assessments, and penetration tests, ensuring rigorous compliance and security measures.Strategic Cost Management and Compliance• Optimized IT Expenditures: Achieved a substantial reduction in IT costs by implementing private cloud solutions and outsourcing network, infrastructure, and development services.• Ensured Regulatory Compliance: Drove compliance with SBV regulations, including Circular 09, Decree 13, and Decree 53, while maintaining PCI DSS standards. Disaster Recovery Planning and Legal Compliance• Developed Robust DRP: Designed and executed an effective Disaster Recovery Plan (DRP) to safeguard business continuity.• Adhered to Legal Standards: Ensured compliance with Vietnam’s Cyber Security Law, data privacy protection regulations.Proactive Security Management• Conducted Security Drills: Regularly performed DRP drills and vendor security assessments to enhance organizational preparedness.• Identified and Mitigated Risks: Proactively identified security challenges and implemented corrective strategies to address potential threats.Audit Leadership and Advisory• Led Audit Processes: Directed periodic audit sessions, provided strategic advice, and developed actionable mitigation plans.• Enhanced Operational Effectiveness: Conducted detailed research and risk assessments to inform policy and procedural improvements.Policy Development and Risk Oversight• Formulated and Implemented Policies: Developed and enforced comprehensive policies, processes, and procedures to manage risk and ensure compliance.Reporting and Stakeholder Communication• Delivered Insightful Reports: Prepared and presented detailed reports to senior management and external stakeholders, highlighting key compliance and security metrics. Show less