Information Security Manager

Shall represent the bank in all cybersecurity matters and will be responsible for establishing and maintaining an Information Security Management Program to ensure that the information assets are adequately protected. The ISM should be able to identify, evaluate and report the information security risks in relation to the bank’s compliance and regulatory requirements, and should be able to align and support the risk posture of the institution. The manager will proactively work with the company’s different business units to implement practices that meet the standard of information security. They shall serve as the process owner of all assurance activities related to the availability, integrity, and confidentiality of the customers, business partners, employees, and different business information in compliance with the organization’s information security policies.
The specific tasks of the job are as follows:
Information Security Strategic Plan. Own and communicate a divisional roadmap for information security that is aligned with the risk appetite of the bank, and collaborate with the IT Network Manager in creating an overall security roadmap. They should be able to develop, implement and monitor said plan in collaboration and assistance of the members from the headquarters. Alongside this, they shall establish the information security policies, standards, and guidelines of the bank. Additionally, to maintain a knowledge database comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.

Risk Management. Managing risk by regularly assessing the vulnerability of the systems being used to cyber-attacks or other forms of security breaches. The manager should also establish a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants, and other service providers.

Stakeholder Management. Build and maintain effective relationships with the bank’s business stakeholders. The role should be able to maintain a strong communication within the business area and the business itself within information security. Furnish a framework for roles and responsibilities regarding information ownership, classification, accountability and protection.

Compliance and Regulation. Coordinate with internal and external auditors regarding security assessments, ensuring that these assessments are compliant with the standards of Bangko Sentral ng Pilipinas. Along with this, they shall be responsible in responding to security incidents, including but not limited to data breaches, by identifying their cause and initiate the corrective action to prevent the incident from occurring again in the future. They should be able to recommend and coordinate the implementation of technical controls to support and enforce defined security policies.

QUALIFICATIONS
A Bachelor’s Degree in Computer Science, Information Technology or related field; Master's degree would be an advantage

Solid work experience in Cyber & Information Security or at least 5 years of experience in IT Security Management, with a Certified Information Systems Auditor (CISA) certificate.

Proficient in MS Office Programs

Excellent communication and presentation skills in English

With solid knowledge in network security, IT regulatory compliance implementation, and security protocols of BSP.

Ability to lead the function of the executive team, with strong communication and negotiation skills, project management, business acumen, and strategic focus