Manager - Legal And Compliance

IT Security and Compliance Manager

Pasig, Palawan Enshored Inc.

Posted today

Duties and Responsibilities

• Oversee the information compliance program, and ensure all controls are being adhered to and compliance status maintained.
• Develop, update and maintain information security program documentation including operational documentation for all monitoring processes.
• Perform initial security incident assessment & investigation, triage support, and escalating security incidents as needed.
• Identify and recommend changes to the security controls, assessing potential risks to data and systems, and provide recommendations on mitigation of these risks to acceptable levels.
• Assist in internal and third-party risk assessments.
• Perform advanced problem determination and timely resolution as well as make the decisions necessary to recover business systems in the event of an outage.
• Development and deploy new security controls, tools, and processes.
• Create and maintain reporting processes through creation and collection of appropriate metrics. Install and operate security measures/ software to protect systems and information infrastructure.
• Schedule: 8 hour shift
• Ability to commute/relocate: Ortigas Pasig: Reliably commute or planning to relocate before starting work (required)

• Experience in overseeing information compliance and information security programs.
• Ability to develop and maintain security documentation and monitoring processes.
• Experience with security incident assessment, investigation, and incident escalation.
• Knowledge of risk assessments and mitigation strategies for data and systems.
• Experience deploying security controls, tools, and processes.
• Strong reporting and metrics collection capabilities.
• Ability to communicate effectively with internal and external stakeholders.

Posted 453 days ago

Responsibilities include:

• Identify risks associated with protecting information assets.
• Collaborate with and support departments from an information security perspective.
• Monitor compliance with policies and ensure data privacy is being adhered to.
• Implement security controls and solutions according to security governance requirements.
• Set a risk tolerance level that protects information assets and enables business operations to run as smoothly as possible.
• Conduct threat and risk assessments as necessary and review the results.
• Review, manage, and update risk-related processes, procedures, controls, and supporting documents.
• Ensure that the information security governance framework and strategy align with the organization’s general risk governance program.
• Track and record information security risks, detailing if the risk is accepted, not accepted, mitigated, or transferred.
• Identify, assess, and monitor risks to information security and propose mitigation strategies.
• Evaluate the inherent risk of identified threats and calculate the residual risk after mitigation techniques have been implemented.
• Build cybersecurity process risk & control framework aligned with applicable laws and standards.
• Conduct industry standard (e.g., PCI-DSS) and data privacy compliance readiness assessments.
• Establish IT security policies, standards, and procedures; manage IT security training & awareness program.
• Establish IT security functions metrics and reporting for various audiences.
• Build the risk and compliance programs and roadmap; implement the necessary GRC tools.
• Other IT security tasks as deemed necessary.

Requirements

• Bachelors degree in Computer Engineering, Computer Science, Information Technology, Engineering or related discipline.
• Highly organized, results-oriented, and attentive to details; excellent verbal and written communication, presentation, facilitation, and diplomacy skills.
• Ability to prioritize and multitask. Flexibility and adaptability in work approach.
• 3+ years hands-on cybersecurity professional experience, risk management, and security governance practice.
• Knowledge of IT security technical controls and information security risk management frameworks (ISO 27001, NIST, CIS, PCI-DSS, Data Privacy Law).
• Experience securing network technologies, client/server operating systems, and cloud environments.
• Strong project management and organizational skills; ability to manage multiple projects simultaneously.
• Ability to interpret threats, risks, and impacts; strong communication across the organization.
• Previously worked as systems administrator, systems engineer, or security analyst.
• Understanding of OS hardening, network design, and systems security; familiarity with cybersecurity domains (GRC, IAM, asset security, security architecture, network security, security operations).
• Understanding of security analysis, security events, and penetration testing.
• Industry certifications preferred (e.g., CISSP, CISM).