Information Security Manager

The Information Security Manager is responsible for safeguarding the organization's information assets by implementing, managing, and overseeing the company's security policies, protocols, and procedures. This role involves identifying and mitigating security risks, ensuring compliance with industry standards, and leading efforts to protect sensitive data across all digital platforms.

1. Assess risk and ensure security systems and operations comply with organizational and regulatory requirements
2. Lead the development and execution of security strategies and policies
3. Responsible for day to day execution of security policies and procedures. Using monitoring tools to identify threats and incidents
4. Analyze, design, manage and deliver the services required to minimize the negative impact of security incidents and restoring normal service operation as quickly as possible

Roles and Responsibilities

• Advise appropriate senior leadership on risk levels and changes affecting the organization's cybersecurity posture.
• Work with the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risks.
• Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies.
• Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals.
• Continuously validate the organization against policies, guidelines, procedures, regulations, laws to ensure compliance.
• Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program.
• Identify alternative information security strategies to address organizational security objective.
• Ensure that cybersecurity requirements are integrated into the continuity planning for systems and/or organization(s).
• Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations.
• Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment.
• Participate in the development or modification of the computer environment cybersecurity program plans and requirements.
• Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
• Recognize a possible security violation and take appropriate action to report the incident, as required.
• Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered.
• Collect and maintain data needed to meet system cybersecurity reporting.
• Identify information technology (IT) security program implications of new technologies or technology upgrades.
• Identify security requirements specific to an information technology (IT) system in all phases of the system life cycle.
• Lead information security risk assessment during the Security Assessment and Authorization process.
• Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed.
• Provide system-related input on cybersecurity requirements to be included in statements of work and other appropriate procurement documents.
• Promote awareness of security issues among management and ensure sound security principles are reflected in the organization's vision and goals.
• Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders.
• Oversee the information security training and awareness program.
• Manage the monitoring of information security data sources to maintain organizational situational awareness.
• Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
• Track audit findings and recommendations to ensure that appropriate mitigation actions are taken.

Core Competencies:

• Business Continuity
• Computer Network Defense
• Database Administration
• Encryption
• Enterprise Architecture
• Information Systems/Network Security
• Network Management
• Operating Systems
• Policy Management
• Risk Management
• Technology Awareness
• Threat Analysis
• Vulnerabilities Assessment

Additional Knowledge Areas:

• ISO 27000 – NIST – CIS – Data Privacy

Qualifications:

• Bachelor's degree in Information Security, Computer Science, or related field.
• Proven experience (5+ years) in information security management, IT risk management, or similar roles.
• Strong understanding of current IT threats, security protocols, and industry best practices.
• Professional certifications such as CISSP, CISM, or equivalent is an advantage.
• Excellent leadership, communication, and project management skills.

About DAVI

Data Analytics Ventures Inc. (DAVI) is the Gokongwei Group's loyalty and data analytics company, specializing in deep-dive data analysis to enhance business processes and customer experiences. Leveraging rich data, DAVI helps businesses understand brand and category performance, identify growth opportunities, and optimize decisions. With a team of industry leaders and innovators, DAVI fosters a culture of excellence, continuous learning, and mentorship, empowering employees to shape their careers and contribute to the rapidly evolving data industry.