Information Security Manager

What can you tell your friends when they ask what you do?

The Information Security Manager is responsible for safeguarding the organization's information assets by implementing, managing, and overseeing the company's security policies, protocols, and procedures. This role involves identifying and mitigating security risks, ensuring compliance with industry standards, and leading efforts to protect sensitive data across all digital platforms.

1. Assess risk and ensure security systems and operations comply with organizational and regulatory requirements
2. Lead the development and execution of security strategies and policies
3. Responsible for day to day execution of security policies and procedures. Using monitoring tools to identify threats and incidents
4. Analyze, design, manage and deliver the services required to minimize the negative impact of security incidents and restoring normal service operation as quickly as possible

Responsibilities – How will you do this?

• Advise appropriate senior leadership on risk levels and changes affecting the organization's cybersecurity posture.
• Work with the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risks.
• Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies.
• Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals.
• Continuously validate the organization against policies, guidelines, procedures, regulations, laws to ensure compliance.
• Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program.
• Identify alternative information security strategies to address organizational security objective.
• Ensure that cybersecurity requirements are integrated into the continuity planning for systems and/or organization(s).
• Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations.
• Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment.
• Participate in the development or modification of the computer environment cybersecurity program plans and requirements.
• Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
• Recognize a possible security violation and take appropriate action to report the incident, as required.
• Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered.
• Collect and maintain data needed to meet system cybersecurity reporting.
• Identify information technology (IT) security program implications of new technologies or technology upgrades.
• Identify security requirements specific to an information technology (IT) system in all phases of the system life cycle.
• Lead information security risk assessment during the Security Assessment and Authorization process.
• Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed.
• Provide system-related input on cybersecurity requirements to be included in statements of work and other appropriate procurement documents.
• Promote awareness of security issues among management and ensure sound security principles are reflected in the organization's vision and goals.
• Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders.
• Oversee the information security training and awareness program.
• Manage the monitoring of information security data sources to maintain organizational situational awareness.
• Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
• Track audit findings and recommendations to ensure that appropriate mitigation actions are taken.

To be successful, you'll need experience in:

• Business Continuity
• Computer Network Defense
• Database Administration
• Encryption
• Enterprise Architecture
• Information Systems/Network Security
• Network Management
• Operating Systems
• Policy Management
• Risk Management
• Technology Awareness
• Threat Analysis
• Vulnerabilities Assessment

Additional Knowledge Areas:

• ISO 27000 – NIST – CIS – Data Privacy

Qualifications:

• Bachelor's degree in Information Security, Computer Science, or related field.
• Proven experience (5+ years) in information security management, IT risk management, or similar roles.
• Strong understanding of current IT threats, security protocols, and industry best practices.
• Professional certifications such as CISSP, CISM, or equivalent is an advantage.
• Excellent leadership, communication, and project management skills.

About Data Analytics Ventures Inc. (DAVI)

Data Analytics Ventures, Inc. (DAVI) is the Gokongwei Group's loyalty and data analytics company. Aside from managing Go Rewards, the loyalty program of the Gokongwei Group which includes Cebu Pacific and Robinsons Retail Holdings, DAVI also plays a pivotal role in driving consumer insights through data science. This combination enables DAVI to create a loyalty program that delivers on rewarding experiences and harnessing data to fuel business growth.

At DAVI, data is the key to identifying customer patterns and insights. More than just crunching numbers amidst evolving market landscapes, the company aims for meaningful engagement and sustainable growth that will accelerate discovery and action for businesses.

DAVI helps businesses get a deeper understanding of their brand and category performance. The company's insights help businesses to determine growth drivers and opportunities, improve decisions and calibrate business objectives and actions.

DAVI advocates a culture of excellence and teamwork. Everyone is expected to be the very best at what they do and serve as mentors to their colleagues. We believe in building a trusted environment that encourages open dialogue and constructive conflict, where individuals are humble and hungry to learn from each other. We expect excellence of ourselves and others and together, we make excellence contagious.

DAVI offers its employees the chance to be part of the wave of the future as the data industry continues to evolve rapidly. They are empowered to chart the trajectory of their career and have access to programs that help them continuously upskill. As such, the company seeks people who are passionate about uncovering the value and opportunities behind data.