Information Security and Compliance Specialist

The Information Security and Compliance Specialist will help in the delivery of the Information Security Management function. The purpose of the Information Security Management function, in turn, is to bring the organization's information security risks under explicit management control through the Information Security Management System – ISMS. To systematically manage the policies and procedures of the company's information and sensitive data. With the goal of minimizing risk and ensuring business continuity by proactively limiting the impact of a security breach. He/she also ensures that it is sensibly protecting the Confidentiality, Integrity and Availability (CIA) of data, assets and information from threats and vulnerabilities.

The incumbent will assume responsibility for the below:

• Information Security Monitoring & Analysis
• Information Security Incident Response
• Vulnerability & Exposure Management
• Investigations & Data Forensics (with the aid of an available tool)
• Penetration Testing & Technical Control Verification
• Information Security Metrics & Reporting

JOB DESCRIPTION

• Lead the design, implementation, operation and maintenance of the Information Security Management System (ISMS) based on standards, including certification when required, e.g. ISO 27001, ISO 27002, PCI-DSS.
• Maintain information security standards and procedures in compliance with risk assessments and current business requirements.
• Act as an internal consulting resource on information security issues.
• Facilitate the information security risk assessments.
• Review compliance with the information security policy and associated procedures on an ongoing basis via monitoring tools and report from annual security audit to the CIO and other stakeholders.
• Coordinate and be active in information security efforts within and across various business units, and cooperate with the IT, HR, legal, financial, and executive offices.
• Provide periodic reporting on information security issues to Senior Manager and/or CIO and management and to the Information Security Steering Committee.
• Coordinate security orientation and security awareness programs.
• Cooperation with third parties providing outsourced IT security services, e.g. email anti-virus and anti-spam, firewalls, intrusion detection/prevention systems, etc.
• Co-ordinate responses to information security events.
• Ensure adequate security for existing and new information systems.
• Maintain awareness of changes in the industry and propose recommendations to improve the organization's computer systems risk posture.
• Facilitate the configuration of network intrusion detection and prevention sensors and other information security monitoring infrastructure.
• Collect, assess, and report upon relevant threat intelligence/actionable security information and appropriately modify tactical operations.
• Under limited supervision and general direction, evaluate and report on the effectiveness of security and compliance controls, as well as risk mitigation strategies in IT and business environments of third-party providers.
• Assist in defining, developing, and implementing third-party risk assessment program processes in accordance with the defined risk appetite.
• Identify and support opportunities for improving company IT risk posture and processes, including expanded monitoring, KRI tracking, etc., by applying knowledge of security, regulatory, and IT risk lifecycle frameworks.
• Assist in defining, developing, and implementing third-party risk assessment program processes in accordance with the defined risk appetite.
• Identify and support opportunities for improving company IT risk posture and processes, including expanded monitoring, KRI tracking, etc., by applying knowledge of security, regulatory, and IT risk lifecycle frameworks.
• Assist with and/or lead various IT risk management or vendor implementation and support program initiatives working closely with management, peers, and other internal teams.
• Support team and stakeholder education and awareness by developing training materials and facilitating training, providing guidance, and sharing best practices.
• Serves as subject matter expert for escalated or complex matters and quality assurance review of team member assessments as needed.
• Review existing and new contracts with third parties to ensure company security, compliance, or governance-related requirements are being met.
• Collaborate with multiple internal business and procurement teams to identify, address, and communicate inherent and residual risks.
• Effectively communicate technical issues to diverse audiences.
• Effectively communicate and coordinate planning, preparation, execution, review, and remediation phases of risk assessment activities.
• Monitor computer networks for security issues with the help of IT Security Team.
• Investigate security breaches and other cybersecurity incidents as well as documenting security breaches and assess the damage they cause.
• Coordinate the installation of security measures and operate software to protect systems and information infrastructure, including firewalls and data encryption programs.
• Work with the IT Security team to perform tests and uncover network vulnerabilities or employing third-party vendors for Vulnerability Assessment and Penetration Testing.
• Fix detected vulnerabilities to maintain a high-security standard.
• Stay current on IT security trends and news.
• Develop company-wide best practices for IT security.
• Facilitate the installation of security software and understanding information security management.
• Research security enhancements and make recommendations to management.

COMPETENCY REQUIREMENTS

(Required knowledge, skills and attributes to achieve the job goals)

• At least 3 years of professional experience in Information and IT Security
• Knowledge of ISMS and IT Security processes, e.g. ISO27001, 27002, NIST, PCI-DSS, Cloud Security
• Experience in working in a multinational company
• Ability to identify the work required and organize, facilitate and/or perform the work with only minimal guidance from IT leadership management
• Excellent communication skills
• Excellent analytical skills
• Amenable to work in Head Office (Bicol Region)

EDUCATIONAL QUALIFICATIONS

Educational Qualifications

• Bachelor's Degree in Computer Engineering, Bachelor's Degree in MIS / Business / IT or a similar subject with strong exposure to Information Technology and Information Security.

Job Experience

• At least five (5) years of related experience or in a similar capacity.

Licenses and Certifications

• Related certification is a plus.

Job Type: Full-time

Pay: Php100,000.00 per month

Work Location: In person