Information Security Lead

2 weeks ago


Quezon City, Philippines | Asticom Technology Inc. | Full time
Responsibilities
  • Develop and Execute Security Strategy: Lead the formulation, implementation, and continuous improvement of the BPO's information security strategy, aligning it with business objectives, client requirements, and regulatory compliance.
  • Policy and Procedure Development: Create, maintain, and enforce comprehensive information security policies, procedures, and standards (e.g., access control, data handling, incident response, remote work security) that adhere to industry best practices and client SLAs.
  • Conduct regular risk assessments to identify, analyze, and prioritize security vulnerabilities and threats across systems, networks, applications, and processes.
  • Develop and implement mitigation plans to address identified risks, recommending appropriate security controls and technologies.
  • Compliance and Regulatory Adherence: Ensure the BPO's compliance with relevant national and international data protection regulations (e.g., GDPR, HIPAA, PCI-DSS, local Philippine privacy laws).
  • Oversee internal and external audits (e.g., ISO 27001, NIST) and ensure all security measures align with established frameworks.
  • Prepare detailed reports for management and clients on compliance status and audit findings.
  • Budget Management: Contribute to the development and management of the information security budget, ensuring optimal allocation of resources for security tools, training, and personnel.
Operational Security Management
  • Incident Response and Management: Develop and lead the organization's incident response plan (IRP), including detection, containment, eradication, recovery, and post-incident analysis.
  • Coordinate investigations into security breaches or incidents, performing root cause analysis and implementing corrective and preventive actions.
  • Communicate incident status and impact to stakeholders, including senior management, legal, compliance, and affected clients.
  • Conduct tabletop exercises and simulation drills to test the effectiveness of the IRP.
  • Vulnerability Management: Lead regular vulnerability assessments and penetration testing activities on infrastructure, applications, and networks.
  • Oversee the patching and remediation of identified vulnerabilities.
  • Analyze threat reports and security advisories to proactively protect against new threats.
  • Security Monitoring and Operations: Oversee the continuous monitoring of IT systems and networks for suspicious activities, trends, and patterns using SIEM (Security Information and Event Management) tools.
  • Ensure the effective operation and maintenance of security tools such as firewalls, IDS/IPS, antivirus, and data loss prevention (DLP) systems.
  • Access Control Management: Oversee the implementation and enforcement of robust access control policies, ensuring only authorized personnel have access to sensitive data and systems, especially crucial in multi-client BPO environments.
  • Data Protection and Privacy: Implement measures to protect the confidentiality, integrity, and availability of all data, including data encryption, secure data storage, and data backup and disaster recovery plans.
  • Vendor Security Management: Assess and ensure the security posture of third-party vendors and partners.
  • Conduct risk assessments relevant to each vendor and collaborate with teams to address any identified risks.
  • Ensure vendor compliance with the organization's security and compliance obligations.
Team Leadership and Development
  • Lead and Mentor: Guide, mentor, and manage a team of security professionals, fostering a security-first mindset across the organization.
  • Security Awareness and Training: Develop and deliver comprehensive security awareness and training programs for all employees, ensuring they understand their roles in maintaining security and recognizing potential threats (e.g., phishing).
  • Collaboration: Work closely with IT, operations, legal, HR, and client-facing teams to integrate security into all aspects of the organization's operations.
BPO-Specific Considerations
  • Client Relationship Management: Often serves as a key point of contact for clients regarding information security matters, including security audits, contractual compliance, and addressing client-specific security concerns.
  • Multi-Tenancy Security: Understand and manage the complexities of securing data for multiple clients within a shared infrastructure, ensuring strict segregation and adherence to individual client requirements.
  • Service Level Agreements (SLAs): Ensure that information security practices meet or exceed the security clauses defined in client SLAs.
  • Global Security Standards: In organizations serving international clients, the Infosec Lead must be well-versed in a wide range of global security standards and regulations.
Job Qualifications
  • 1. Stop the Bleeding: Fixing Our Security Weaknesses
    • Rewrite the blueprints: They'll create clear, up-to-date security rules that everyone understands and follows.
    • Reinforce the walls: They'll put in place the right technical systems and tools to automatically block unauthorized access and prevent data from leaving our control.
    • Supervise the guards: They'll lead and train our existing IT team to be more vigilant and efficient in spotting and stopping threats. They'll also tell us exactly where we need more hands on deck if necessary.
  • 2. Protecting Our Reputation and Keeping Clients Happy
    • Build client confidence: They'll be our expert face when clients ask about our security. They'll assure them we're serious about protecting their data and demonstrate how we meet global privacy standards (like GDPR). This is crucial for keeping our current clients and winning new ones.
    • Keep us out of trouble: They'll make sure we comply with all the complex data privacy laws, both locally in the Philippines and internationally. This prevents costly fines, legal battles, and damaging headlines.
Job Details
  • Seniority level: Mid-Senior level
  • Employment type: Full-time
  • Job function: Information Technology
  • Industries: Staffing and Recruiting