Cybersecurity Governance Manager

About PDAX
At PDAX, we believe that the future of money is digital, and our mission is to empower all Filipinos to grow their wealth through blockchain technology.

As one of the first crypto firms in the Philippine market, we feel a sense of duty to our users and to the ecosystem to set the standard for safety, ease of access, and reliability. We expect our team to share in this responsibility and cherish our vision of a more open and equitable financial system.

We are looking for new team members that are passionate about cryptocurrency, want to work in a disruptive, fast-growing industry, and thrive in a start-up environment.

If this sounds like you, then we'd love to talk.

General Responsibilities

Cybersecurity Governance & Policy Management

• Develop, maintain, and enforce cybersecurity policies, standards, and procedures
• Establish control frameworks aligned with industry standards (NIST CSF, ISO 27001, CIS, PCI-DSS, etc.)
• Conduct periodic policy reviews and control assessments
• Manage policy exceptions and risk acceptance processes

Security Risk & Compliance

• Lead cybersecurity risk assessments across technologies, vendors, projects, and products
• Maintain cybersecurity risk registers and KRIs/KPIs
• Support regulatory audits (internal/external) and compliance reporting requirements
• Ensure compliance with relevant regulations (BSP MORNBFI, AMLC, PDPA, GDPR, SOC 2, etc.)
• Track remediation activities for findings and vulnerabilities

Cybersecurity Metrics, Reporting & Governance Meetings

• Prepare cybersecurity governance reports, dashboards, and cyber posture scorecards
• Lead monthly/quarterly governance meetings with internal stakeholders
• Maintain audit trails, evidence, and documentation

Cybersecurity Awareness & Training

• Implement enterprise-wide cybersecurity awareness programs
• Coordinate phishing simulations, awareness content, and training plans
• Track participation and measure awareness maturity improvements

Vendor and Third-Party Security

• Evaluate vendor cybersecurity capability maturity
• Maintain third-party security assessments
• Ensure contractual and regulatory cybersecurity obligations

Incident Preparedness & Oversight

• Ensure cyber incident response policies and playbooks exist and are tested
• Coordinate tabletop exercises, DR testing, and business continuity checks
• Track readiness gaps and remediation plans

Qualifications
Must Have:

• Bachelor's degree in IT, Computer Science, Cybersecurity, or related field
• Minimum 5+ years experience in cybersecurity, governance, or compliance roles
• Strong understanding of cybersecurity frameworks and regulatory requirements
• Experience conducting audits, risk assessments, and compliance programs
• Strong communication and stakeholder management skills

Technical Knowledge

• Security frameworks: NIST CSF, CIS, ISO 27001
• Cloud governance (AWS/Azure/GCP)
• Regulatory requirements (BSP, AMLC, PDPA, PCI, SOC2)
• Audit methodologies
• Cyber risk scoring and dashboards.

Preferred:

• Professional certifications (CISM, CISSP, CRISC, CCSP, etc.)
• Experience with BFSI, fintech, or regulated industries
• Background in enterprise architecture, IT audit, or Security Operations

Soft Skills

• Strong documentation and communication skills
• Strong analytical and risk-based decision-making
• Ability to influence without authority
• Able to work cross-functionally across business and IT teams
• Excellent attention to detail

Our Culture

Communication

• We prioritize clear and transparent communication, ensuring that there is clarity among everyone we work with.
• We aim to have a collaborative environment, where innovative ideas in investment strategies are shared openly and constructively, driving the industry forward.

Customer-focus

• We think about how our decisions impact our customers and ensure we provide the best experience that we can.
• We believe in building lasting relationships with our clients, constantly learning from and listening to them, and always striving to look out for what's best for both sides.

Commitment

• We always aim to do the right thing and to do the right thing, excellently. We take accountability seriously and uphold ourselves to high standards, ensuring that we execute with attention to detail.
• We are dedicated to the long-term success of our clients in the dynamic world of financial technology, maintaining integrity and professionalism in every aspect of our work.