About Security Bank
We are the Philippines’ largest independent bank, having won countless awards over the years including the most prestigious industry award in both 2015 and 2016—the Bank of the Year – Philippines by The Banker.
We’re changing how people bank. From the moment customers enter our branches to their experience online, we make them feel valued and empowered.
Now, with more than 300 branches spanning the country, BetterBanking has become the gold standard in improving the banking lives of millions of Filipinos. But we’re far from done.
In our constant pursuit of excellence and improvement, we create teams that support our business and each other.
- Establish and continually improve the standards and practices of Information Security Management for the Bank and its subsidiaries.
- Coordinate and execute the following:
  - Risk Register: Maintain a risk register based on the identified applicable laws and regulations;
  - Controls Catalogue: Based on the review of procedures and walkthroughs, maintain an inventory of internal controls and map them to key risk areas;
  - Issues Management: Drive, coordinate, track and monitor the progress of remediation of control weaknesses identified through incidents, external and internal audit/assessment, and compliance testing;
  - Risk Assessment: Execute the required corporate risk assessments by identifying the key risks and assessing mitigating controls to determine the risk profile of the organization;
  - Risk / Control Monitoring: Coordinate the development and monitoring of key performance indicators (KPIs) as well as key risk indicators (KRIs) that are mapped to various risks and controls to determine elevations in risk and the effectiveness of controls, and to proactively implement risk and control mitigation measures;
  - Data Analytics: Coordinate the collection of risk information from source systems, departments/divisions, and reporting. Analyze the data and apply it to various key risk areas to update the risk profile;
  - Policy and Guidelines/Procedure Maintenance: Create and amend enterprise-wide policies, standards, and procedures;
  - Awareness Program: Create, amend, and propagate an enterprise-wide awareness program, ensuring that relevant training is developed in coordination with SBC Academy and that it focuses on prevalent risks;
  - Manage Document Library: Manage the publication, dissemination, and availability of policies, standards, and procedures.
- Must be able to do a gap analysis of current policies, standards, procedures, and practices against new or modified global standards, BSP circulars, and other laws and regulations as applicable to the Bank and its subsidiaries, and coordinate the results with the different stakeholders for remediation;
- Be the Champion and drive what is required to ensure completion of all initiatives and other deliverables to be accomplished;
- Provide pertinent reporting materials required for the Risk Oversight Committee and Senior Management meetings covering the status of all initiatives, including the high-risk areas.
- Bachelor's degree in Information Technology, Computer Engineering or related fields;
- At least 5 years of experience in IT Security, Information Security, Cyber Security, and/or Information Security Audit;
- Knowledge of the following frameworks – ISO 27001, PCI-DSS, NIST Cyber Security;
- Preferably with ISO 27001, CISA, and/or CISM certification;
- Preferably with strong knowledge of different IT domains – Network, Infrastructure, Systems Administration, Software Development, Database Administration, Change Management, Incident Management;
- Has working experience in creating and updating policy, standards, and procedure documents;
- A high degree of organizational and analytical skills;
- Excellent interpersonal communication and presentation skills;
- Proficient in both oral and written communication;
- Strong knowledge of control frameworks and the ability to design and evaluate the effectiveness of controls embedded within business processes.