About Security Bank
We are the Philippines’ largest independent bank, having won countless awards over the years including the most prestigious industry award in both 2015 and 2016—the Bank of the Year – Philippines by The Banker.
We’re changing how people bank. From the moment customers enter our branches to their experience online, we make them feel valued and empowered.
Now, with more than 300 branches spanning the country, BetterBanking has become the gold standard in improving the banking lives of millions of Filipinos. But we’re far from done.
In our constant pursuit of excellence and improvement, we create teams that support our business and each other.
As Information Security Manager, you will be responsible for establishing and maintaining a company-wide information security management program to ensure that information assets are adequately protected. This position is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the company. The Information Security Manager will proactively work with business units to implement practices that meet defined policies and standards for information security. He or she will also oversee a variety of IT-related risk management activities. The role serves as the process owner of all assurance activities related to the availability, integrity, and confidentiality of customer, business partner, employee, and business information in compliance with the organization’s information security policies.
How you'll contribute
- Develop, implement and monitor a strategic, comprehensive enterprise information security and IT
- Develop, maintain and publish up-to-date information security policies, standards, and guidelines.
- Oversee the approval, training, and dissemination of security policies and practices.
- Create, communicate and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants, and other service providers
- Work directly with the business units to facilitate IT risk assessment and risk management processes, and work with stakeholders throughout the organization on identifying acceptable levels of residual risk.
- Create a framework for roles and responsibilities with regard to information ownership, classification, accountability, and protection.
- Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
- Liaise with the enterprise architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.
- Ensure that security programs comply with relevant laws, regulations, and policies to minimize or eliminate risk and audit findings.
- Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings.
- Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data, and the company's reputation.
- Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.
- Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security.
- Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
- Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
- Work with the enterprise architecture team to ensure that there is a convergence of business, technical and security requirements; liaise with IT management to align existing technical installed base and skills with future architectural requirements.
- Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.
- Manage and coordinate operational components of incident management, including detection, response, and reporting.
- Maintain a knowledge base comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.
- Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
- Ensure audit trails, system logs, and other monitoring data sources are reviewed periodically and comply with policies and audit requirements.
What we’re looking for
- Graduate of Computer Science, Information Technology or related field; Master's degree is an advantage
- Solid work experience in Cyber & Information Security or at least 5 years of experience in IT Security Management
- Proficient in MS Office Programs
- Excellent communication and presentation skills in English
- With solid knowledge in network security, IT regulatory compliance implementation, and security protocols
- Ability to lead the function of the executive team, with strong communication and negotiation skills, project management, business acumen, and strategic focus