Information Security Risk Manager - Taguig - Indeed.com.ph
Information Security Risk Manager
Eclaro Philippines
Taguig
Key Accountabilities
Develop regional information security policies and standards in accordance with group guidelines to ensure their successful implementation, including the information security plan.
Enforce regional IT governance policies/practices in order to set the standard and improve planning, integration, communications and performance between the Business Entities and IT.
Monitor and adjust IT governance components according to the changes in business model and environment; analyse the client's change capability and commitment, identify and manage transformational change
Define the acceptance strategy to ensure the intended change implements successfully
Conduct regular reviews (e.g. compliance to regional project initiation standards, completeness of qualification documentation, quality assurance processes) on country IT initiatives
Risk Management and Business
Identify information security risks to the company and put in place actions in order to mitigate the risks.
Perform risk assessments of vendor/supplier data processing environments
Act as security liaison for all key business and IT projects
Provide advice and support to developers and other relevant support teams in designing and implementing risk mitigation/remediation measures
Review risks, identify root causes for common risks and provide recommendations for sustainable improvements
Review evidence for risk closure and document it
Perform periodic reviews of controls and assessments to provide assurance
Report risks and risk summaries accurately to various stakeholders
Actively monitor to govern the risk management activities of different functions and countries, including conducting regular audits, to support and coordinate compliance reviews.
Actively monitor and participate in information risk management-related activities and campaigns to distribute and continually improve awareness of the regional security policies, procedures and standards.
Plan, design and implement an overall information risk management process for the organization, to ensure they have a defined and documented process to follow.
Work closely with the business to ensure they take security seriously and implement the actions that fall within the business area. Actively communicate with Business Continuity to ensure that the company maintains an effective IT continuity plan consistent with the overall business continuity plan and IT disaster recovery plan, and ensure these are regularly tested and updated.
Provide leadership in the development, delivery and maintenance of an information security program in order to safeguard the organization's information assets and the supporting IT infrastructure against unauthorized use, disclosure, modification, damage or loss. Support business to ensure compliance with regulatory requirements and ABC security standards.
Report risks in an appropriate way for different audiences to ensure that they are aware of risks that affect them individually and their parts of the business.
Serve as the organization's internal information risk security consultant to provide information on latest security technologies and related regulatory issues, and to proactively advise on IRM-related solutions and possible workarounds.
Work with Group IRM to provide IRM and IT Security guidelines to support Regional and Local solution delivery in new technologies.
Own the application domain knowledge of a group of applications and maintain awareness of technology trends in order to guard ABC from newly discovered IT risks and stay up to date with IT trends. Exchange ideas and enforce security measures on new development with Applications and E&T teams to facilitate knowledge sharing on information security risk.
Coordinate reporting with the Group in order to escalate major regional information security incidents to management.
Delivery Process Management
Monitor and ensure all delivery processes within Regional IT are well defined and properly documented. Ensure all these processes are carried out professionally and according to predefined schedule.
Review Performance of employees and monitor their development. Coach and mentor direct reports to improve their performance and career development.
Internal Project Control
Manage relevant internal projects to ensure successful implementation.
Required to partake in business critical knowledge transfer and training of tasks as and when required, in agreement with line management
Lead Infrastructure Security domain: control, design, vendor management
Ensure all information security exception requests (infrastructure, access management, & application) are managed properly in a timely manner.
Drive cultural and organisational change throughout ABC and implement a sustainable information security practice
Lead, develop and deploy a portfolio of information security services for ABC
Bring support on Infrastructure related security topics and ensure reliability of OpCos feedback by performing security checks (Qualys) and penetration testing.
Take the corrective action needed to meet the standards required by security policy, procedures, network architectures and software design
Oversee certification and ensure that it is always up-to-date (audits, compliance maintenance, etc.)
Ensure a seamless response to the needs of business units, IT managers, and local and Group security managers
Countries and Regional Business Units
Regional Internal Audit
Strategy & Architecture
Business Relationship Management
Experience and qualifications
University degree in Computer Science/ Cyber Security or related fields
Minimum of 10 years IT experience, in which over 5 years are in the capacity of information security management and IT governance, preferably in a regional and shared services environment
At least 5 years of hands-on experience in application/infrastructure risk assessments
Good to have at least 3 years of experience in implementation or management of security tools/ projects
Proven experience in formulation and execution of IT governance compliance work
Proficient in managing transformation and changes induced by the implementation of IT governance, policies and standards
Understand technologies and issues on systems reliability, security and disaster recovery
Able to develop a clear understanding of clients' and customers' technology needs
Understand the linkage between information technology and business value
Conversant and knowledgeable on the latest technology innovations and possibilities, understanding how key technologies can help address business security issues. In addition, has an understanding of the practical constraints of technology, and a knowledge surrounding proposed security technology investments
Possesses excellent verbal and written communication and presentation skills in English
Must have ISO 27001 certification and preferably CISA, CRISC.
Industry certifications will be a plus e.g. CISA, CISSP, CRISC and CISM
Strong knowledge of security frameworks (COBIT, ISF, ISMS, COSO), standards (ISO, NIST, CIS)
Good to have CEH certification