Information Security Lead

Information Security Lead (Risk Assessment) Makati, National Capital Region, Philippines Develop and Execute Security Strategy: Lead the formulation, implementation, and continuous improvement of the BPO's information security strategy, aligning it with business objectives, client requirements, and regulatory compliance. Policy and Procedure Development: Create, maintain, and enforce comprehensive information security policies, procedures, and standards (e.g., access control, data handling, incident response, remote work security) that adhere to industry best practices and client SLAs. Conduct regular risk assessments to identify, analyze, and prioritize security vulnerabilities and threats across systems, networks, applications, and processes. Develop and implement mitigation plans to address identified risks, recommending appropriate security controls and technologies. Compliance and Regulatory Adherence: Ensure the BPO's compliance with relevant national and international data protection regulations (e.g., GDPR, HIPAA, PCI-DSS, local Philippine privacy laws). Oversee internal and external audits (e.g., ISO 27001, NIST) and ensure all security measures align with established frameworks. Prepare detailed reports for management and clients on compliance status and audit findings. Budget Management: Contribute to the development and management of the information security budget, ensuring optimal allocation of resources for security tools, training, and personnel. Operational Security Management Incident Response and Management: Develop and lead the organization's incident response plan (IRP), including detection, containment, eradication, recovery, and post-incident analysis. Coordinate investigations into security breaches or incidents, performing root cause analysis and implementing corrective and preventive actions. Communicate incident status and impact to stakeholders, including senior management, legal, compliance, and affected clients. Conduct tabletop exercises and simulation drills to test the effectiveness of the IRP. Vulnerability Management: Lead regular vulnerability assessments and penetration testing activities on infrastructure, applications, and networks. Oversee the patching and remediation of identified vulnerabilities. Analyze threat reports and security advisories to proactively protect against new threats. Security Monitoring and Operations: Oversee the continuous monitoring of IT systems and networks for suspicious activities, trends, and patterns using SIEM tools. Ensure the effective operation and maintenance of security tools such as firewalls, IDS/IPS, antivirus, and data loss prevention (DLP) systems. Access Control Management: Oversee the implementation and enforcement of robust access control policies, ensuring only authorized personnel have access to sensitive data and systems. Data Protection and Privacy: Implement measures to protect the confidentiality, integrity, and availability of all data, including encryption, secure storage, backup and disaster recovery plans. Vendor Security Management: Assess and ensure the security posture of third-party vendors and partners. Conduct risk assessments relevant to each vendor and collaborate with teams to address any identified risks. Ensure vendor compliance with the organization's security and compliance obligations. Team Leadership and Development Lead and Mentor: Guide, mentor, and manage a team of security professionals, fostering a security-first mindset across the organization. Security Awareness and Training: Develop and deliver comprehensive security awareness and training programs for all employees. Collaboration: Work closely with IT, operations, legal, HR, and client-facing teams to integrate security into all aspects of operations. BPO‑Specific Considerations Client Relationship Management: Serve as key point of contact for clients regarding information security matters, audits, compliance, and concerns. Multi‑Tenancy Security: Understand and manage complexities of securing data for multiple clients within shared infrastructure. Service Level Agreements (SLAs): Ensure security practices meet or exceed security clauses defined in client SLAs. Global Security Standards: Be well‑versed in a wide range of global security standards and regulations. Job Qualifications: Rewrite the blueprints: Create clear, up-to-date security rules everyone follows. Reinforce the walls: Implement technical systems and tools to block unauthorized access and prevent data exfiltration. Supervise the guards: Lead and train the existing IT team to detect and stop threats efficiently. Build client confidence: Act as the expert face with clients on security, demonstrating compliance with global privacy standards (e.g., GDPR). Keep us out of trouble: Ensure compliance with all data privacy laws locally and internationally to avoid fines and legal issues. #J-18808-Ljbffr