Information Security Officer

Position:
Information Security Officer

Job Type:
Permanent

Work Setup:
Hybrid (1x a week)

Shift Time:
Night

Location:
Manila

Job Summary:

The Information Security Officer will be responsible for ensuring the confidentiality, integrity, and availability of information assets. This includes developing and implementing information security policies, procedures, and standards, as well as conducting risk assessments, vulnerability testing, and penetration testing. The successful candidate will also be responsible for providing guidance and support to employees on information security best practices and ensuring compliance with relevant laws, regulations, and industry standards.

Key Responsibilities:

1. Develop and Implement Information Security Policies and Procedures:

• Develop, implement, and maintain comprehensive information security policies, procedures, and standards to ensure the confidentiality, integrity, and availability of information assets.

• Ensure that all policies and procedures are aligned with relevant laws, regulations, and industry standards.

1. Conduct Risk Assessments and Vulnerability Testing:

• Conduct regular risk assessments to identify potential security threats and vulnerabilities.

• Oversee vulnerability testing and penetration testing to identify weaknesses in systems and networks.

• Develop and implement remediation plans to address identified vulnerabilities and weaknesses.

1. Incident Response and Management:

• Develop and implement an incident response plan to ensure that staff are prepared to respond to security incidents in a timely and

effective manner.

• Coordinate with other teams, such as IT and Compliance, to respond to security incidents.

• Conduct post-incident reviews to identify areas for improvement and implement changes to prevent similar incidents from occurring in the future.

1. Compliance and Regulatory Requirements:

• Ensure that in compliance with relevant laws, regulations, and industry standards, such as ISO 27001, SOC II, HIPAA, PCI-DSS, and GDPR.

• Conduct regular audits to ensure compliance with information security policies and procedures.

1. Employee Education and Awareness:

• Develop and implement a security awareness program to educate employees on information security best practices and the importance of protecting information assets.

• Provide guidance and support to employees on information security-related matters.

1. Learning and Development:

• Stay up to date with emerging trends and technologies in information security.

• Stay current with threats and trends in information security

• Evaluate and recommend security technologies and solutions to improve information security posture.

1. Budgeting and Resource Allocation:

• Develop and manage the information security budget to ensure that has the necessary resources to implement and maintain a

comprehensive information security program.

• Effectively manage and allocate necessary resources to ensure the timely and cost effective completion of information security initiatives.

1. Communication and Collaboration:

• Collaborate with other teams, such as IT, compliance, and audit, to ensure that information security is integrated into all aspects of operations.

• Communicate information security-related matters to senior management and the board of directors.

Required Skills:

1. Certifications:

• CISSP, CISM, CEH, or other relevant information security certifications.

1. Experience:

• At least 5 years of experience in information security, with a focus on developing and implementing comprehensive information security programs.

• Background in IT Infrastructure a plus

• Experience in a similar industry or sector is preferred.

1. Skills:

• Strong knowledge of information security principles, practices, and technologies.

• Experience with risk assessment, vulnerability testing, and penetration testing.

• Strong analytical and problem-solving skills.

• Excellent communication and interpersonal skills.

• Ability to work in a fast-paced environment and prioritize multiple tasks and projects.