Security Governance

Security Governance & Assurance Head (Senior Officer)

Makati, NCR, Philippines Information Security & Data Protection Office

Job Openings Security Governance & Assurance Head (Senior Officer)

About the Job

Location: Makati

Corporate Title : Assistant Vice President to Vice President

Work Arrangement: Onsite

Our Information Security and Data Privacy team is looking for experienced professionals to join us in Makati with the role of Security Governance & Assurance Head .

In this role, you will lead and align security duties across the Bank to ensure consistent control objectives and solutions, while fostering relationships and collaborating on security governance and principles. You will also provide expert security advice, manage and lead information security teams, and oversee vulnerability management and penetration testing to secure all key assets.

Whether you're just starting out, or already a seasoned professional, EastWest can help you unleash your potential, and bridge the gap between dream to success.

At EastWest, we empower our employees to drive their careers and are committed to provide the runway for them to grow. We value teamwork and individual initiative. Join us and be part of a highly engaged team, and a workplace that promotes development and goal attainment.

Over 29 years, EastWest has emerged as one of the most consumer-focused universal banks in the Philippines. EastWest is committed to continuously invest in people and in process, product, and service enhancements, and embrace new ideas to enhance the EastWest experience.

What the role will entail

• Develop, implement, and update the Bank's security policies, standards, strategies, and frameworks aligned with business risks and regulatory requirements.
• Integrate information security controls into business processes through cross-organizational collaboration and an information security management system.
• Conduct enterprise-wide information security risk analysis, implement risk treatment plans, and develop metrics for periodic monitoring.
• Implement process improvements to enhance the efficiency and effectiveness of information security management systems and address security weaknesses.
• Collect regular stakeholder feedback to drive service improvements and oversee the review and refresh of information security governance materials.
• Oversee the preparation and monitoring of the annual budget, audit, compliance activities, and ensure timely delivery of ISDPO initiatives and programs.
• Lead the recruitment, development, and retention of critical talents in ISDPO, establish performance standards, and drive employee engagement.

What we're looking for

• Holder of a Bachelor's Degree in ICT, Computer Science, any related field
• Must have at least (2) Professional Security certifications (e.gs., CISSP, CISM)
• Established experience in PCI-DSS, ISO27001, NIST Cybersecurity Framework, Data Privacy program implementation
• Experience working in security at a banking industry or similar environment, as well as managing a team are required
• At least 10+ years work experience in Information Security, Network Security, IT Security, Cybersecurity, IT Risk Management, or related role.
• Proficiency with VAPT tools such as Kali Linux, Tenable, Rapid 7, Metasploit, Burp Suite, Qualys, Nmap, etc.
• Knowledge of vulnerability scanning, source code analysis, advanced network protocol manipulation, and custom penetration testing tool creation
• Strong understanding of Networking (TCP/IP, SSH, SFTP, VPN, Firewalls, Routers, etc.) and Server and workstation operating systems (Windows, Linux, etc.)

What you can expect from joining our team

• Career development and training opportunities
• Competitive salary package and benefits
• Performance-based incentives and recognition programs to reward high-performing individuals
• Opportunity to work with industry experts and be mentored by them
• Defined career progression paths to guide you in your professional growth