Assistant Information Security Manager – Governance, Risk

About Jardine Service Centre Philippines (JSC)

Jardine Service Centre Philippines is an organization fully owned by Jardine Matheson Group which is a diversified Asian-based group with unsurpassed experience in the region, having been founded in 1832. JSC is responsible for providing back-office support to the business units of Jardine Group by administrating transactional and rule-based activities. We aim to deliver world-class services to our internal customers in a cost-efficient manner via process harmonization, application of state-of-the-art technologies, automation and process simplification.

We are looking for an Assistant Information Security Manager professional to assist the company and its business units in driving initiatives to improve cybersecurity governance and risk practices. The ideal candidate will have experience in cybersecurity awareness, policy enhancements, and risk mitigation, with the ability to lead a small team and collaborate with business unit representatives to deliver initiatives effectively.

Key Responsibilities:

Governance & Risk management

• Inform management, IT and security teams about the latest cybersecurity incidents, threats, and trends to inform risk management activities and integrate security measures into operational processes.
• Lead development or regular updates of security policies, procedures, and other deliverables in collaboration with technical specialists and business security teams.
• Advise businesses on global data privacy and security laws, regulations, and best practices, such as GDPR, China Cybersecurity Law, ISO 27001, etc.
• Drive maturity improvements by incorporating best practices and thought leadership into risk management and governance procedures and drive education and adoption.

Cybersecurity awareness and communication

• Develop learning and awareness programs to cultivate a culture of cybersecurity across the Group's businesses, using modern learning tools and practices.
• Ensure that security awareness programs address current threat landscape and meet applicable industry regulations, standards, and compliance requirements.
• Develop, maintain, and manage training programs; verify effectiveness of training, such as via phishing tests.

Qualifications & Skills:

• Bachelor's Degree in an IT/Computer related course.
• At least 5 years of working experience in Information Security or IT Audit fields.
• At least 3 years in cybersecurity or information security.
• Excellent writing skills, well organized and attentive to detail.
• Highly conversant in English language.
• Background or experience in IT risk, audit, governance, security awareness training and project management.
• Critical thinking skills with strong attention to detail and follow-up
• Background in IT technologies, processes, and security operations.
• Collaborative, responsible and has personal accountability.
• Able to work with a team and individually with minimal guidance.
• Resourceful, curious to learn and can adapt on emerging security technologies and platforms.

Preferred Qualifications:

• Knowledge of various guides and security frameworks. (NIST, MITRE, CIS, ISO 27001, CVE, etc)
• Knowledge of IOCs, OWASP and types of attacks, malwares, threat actor and vulnerability.
• Knowledge in different security monitoring platforms and cloud technologies.
• Experienced working in a global or regional environment.
• At least One (1) Industry related Security certification (CISA, CISM, ISO27001 LA/LI, CISSP, etc).

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

At JSC, you can play a role in our business success. We understand that key to our success is our people, which is our foundation and priority. We invest in our people to ensure we have the right talent with the leadership and strategic skills the company needs for the future.

We are an equal opportunity employer and do not discriminate on the grounds of sex, race, disability, family status or any other factors.

Come and explore with us