XTN-D7C7735 INFORMATION SECURITY MANAGER

Information Security Manager KMC Careers – Taguig, National Capital Region, Philippines Job Description Sodali & Co is a leading provider of strategic advice and shareholders services to corporate clients around the world. Our firm provides corporate boards and executives with strategic advice and services relating to a broad range of activities, including mergers and acquisitions, annual and special meetings, shareholder activist initiatives, multinational cross-border equity transactions and debt restructuring services. From headquarters in New York, and offices and partners in major capital markets across APAC and EMEA, we service more than 1,000 corporate clients in 80 countries, including many of the world’s largest multinational corporations. In addition to publicly listed and private companies, its clients include mutual funds, ETFs, stock exchanges and membership associations. The Information Security Manager (ISO) will be responsible for developing and implementing our information security program, which includes procedures and policies designed to protect enterprise communications, IT systems, and company and customer assets from both internal and external threats. Benefits Monetary Benefits: Leave Monetization of Sick Leaves 13th Month Pay Non-monetary Benefits: HMO Principal HMO Dependent Carry Over of Leaves Paid Leave Credits Special Leaves Birthday Leave Responsibilities Lead the information security function across the company to ensure consistent and high-quality information security management in support of the business goals. Develop, implement, and monitor a comprehensive enterprise information security program that aligns with strategic plan and best-in-class compliance and industry requirements. Maintain ISO 27001, SOC2 Type 2, GDPR and UK Cyber Essential certification and related activities. Manage annual internal and external penetration test and remediation. Monitor external threat environment for emerging threats and advise relevant stakeholders on appropriate courses of action. Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address findings with appropriate compliance business partners. Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company’s reputation. Coordinate development of incident response plans and procedures to ensure business-critical services are recovered in the event of a security event. Develop, implement and enhance an up-to-date information security management framework. Create, implement and manage confidentiality, data safeguarding and data retention policies and procedures. Develop, maintain, and roll out training and activities for information security awareness within the organization. Evaluate security trends, evolving threats, risks and vulnerabilities and apply tools to mitigate risk as necessary. Provide regular reporting on the current status of the security program to relevant stakeholders as part of a strategic enterprise risk management program. Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security. Qualifications Experience in an international organization is an advantage. Demonstrated ability to build successful cybersecurity programs. Expert understanding of cybersecurity concepts, principles and practices. Strong decision-making capabilities with proven ability to weigh relative costs and benefits of potential actions. Excellent conceptual problem-solving skills with demonstrated ability to bring structure to vaguely defined problems. Organizational and political agility; developed negotiation and influence skills. Unquestionable personal code of ethics, integrity, diversity and trust. Ability to navigate varying degrees of ambiguity in a fast-paced environment. Experience with formal risk assessment methodologies. In depth understanding of networks, databases and business applications as they relate to security. Excellent understanding of computer networking concepts and protocols, and network security methodologies. Ability to work in a cross-functional matrix environment. Excellent understanding of vulnerability management and associated tools and solutions. Deep expertise with Azure platform. Keeps up to date on all matters pertaining to IT security. Knowledge of leading practice incident management processes. Solution driven with demonstrated ability to meet deadlines and deliver results. Bachelor’s degree or equivalent program in Computer Science, Business Information Systems, Information Security or Information Technology. Relevant Professional certification essential: CISSP, CISA, CISM or CRISC. Minimum 10 years in a Senior Information Security or similar role. Experience in setting up and managing information security in a financial services organization. Excellent knowledge and experience of ISO27001, SOC2 Type 2 and GDPR. Knowledge of national and international laws, regulations, policies and ethics as they relate to cybersecurity. Knowledge of Risk Management Processes (e.g., methods for assessing and mitigating risk). Job Details Role Level: Not Applicable Work Type: Full-Time Country: Philippines – Taguig, National Capital Region Company Website: Job Function: Cybersecurity #J-18808-Ljbffr