Information Security Officer

About the role

Dumaguete Bank is seeking an experienced Information Security Officer to join our dynamic team in Dumaguete City, Negros Oriental. As the Information Security Officer, you will play a crucial role in ensuring the security and protection of our organisation's sensitive data and IT infrastructure. This full-time position is an excellent opportunity for a security professional to make a meaningful impact within a forward-thinking financial institution.

What you'll be doing

The Information Security Officer (ISO) will be responsible for aligning security initiatives with business objectives, ensuring that our banking operations are secure and compliant with statutory standards while meeting customer needs and maintaining high security standards across the Bank.

• Formulate the ISSP and ISP for approval by the Board and Senior Management and implement and manage the duly‐approved ISSP and ISP.
• Develop policies and procedures for access onboarding, modifications and offboarding across systems and monitor its execution and oversee the provisioning and deprovisioning of user access to enterprise and production applications and systems. Review and approve access requests and role-based access control matrices.
• Coordinate and work with IT Unit and officer across different departments to ensure that information security requirements support business needs and security systems and processes are working as intended.
• Monitor and enforce compliance with the ISP and the corresponding policies, standards and procedures across the organization and conduct security awareness and training programs catered to different sets of stakeholders.
• Educate, inform, and report to the Board and Senior Management relevant information security issues and concerns.
• Ensure that security controls and processes are embedded throughout the lifecycle of information, systems, applications, products and services.
• Conduct and assist in the effective implementation of information security incident response plan and assist in ensuring regulatory compliance and adherence to information security‐related laws, rules and regulations.

Key Responsibilities

• Strategic Alignment: Align security initiatives with business goals and objectives, ensuring that security measures support the overall mission of the Bank. Advocate for information security best practices and risk management solutions to enhance the Bank's overall security posture.
• Risk Management: Identify, assess, and mitigate security risks associated with banking operations. Develop and implement risk management strategies to protect sensitive information.
• Policy Development: Develop and enforce security policies, standards, and procedures to ensure compliance with international regulations and industry best practices.
• Security and Business Integration: Work closely with units, IT, and other stakeholders to integrate security into all aspects of the Bank's operations. Provide guidance and support to ensure security is considered in all business decisions. Act as a bridge between technical and business teams, ensuring alignment and smooth integration.
• Training and Awareness: Drive security awareness initiatives across the bank to foster a security-conscious culture
• Continuous Improvement: Continuously monitor the effectiveness of security measures, identify gaps, and recommend improvements. Work with internal teams to develop innovative solutions to enhance security across business operations.

What we're looking for

• Minimum of 2 years of experience in information security, ideally in the banking or financial services industry
• Strong technical expertise in security technologies, such as firewalls, intrusion detection/prevention systems, and identity and access management
• Proficiency in security risk assessment, vulnerability management, and incident response
• Excellent problem-solving, analytical, and critical thinking skills
• Strong communication and stakeholder management abilities
• Relevant certifications, such as CISSP, CISA, or CISM, are highly desirable but not required
• Tertiary degree in Computer Science, Information Technology, or a related field

If you are passionate about information security and ready to take on a challenging and rewarding role, we encourage you to apply now.