Head of Information Security (InfoSec)

Work Setup: Onsite (Ayala Cebu)

Shift Schedule: Day Shift

Educational Requirements:

• Bachelor's degree in an IT-related program
• Extensive hands-on experience in Information Security and/or IT Security with at least 3 years of leadership experience.
• Experience in application, database, and operating system security assessment
• Experience in monitoring compliance with security policies
• Experience in vulnerability assessment and security penetration testing
• Knowledge of IT processes and functions

Job Overview:

The Information Security Head is primarily responsible for designing, communicating, and monitoring reliable information security safeguards across the bank's information technology infrastructure; assisting in the implementation of the appropriate information security measures to protect the bank's information assets; and providing advice on handling operational information security concerns.

Duties & Responsibilities:

• Formulates security guidelines and assists in the implementation of security rules in protecting the confidentiality and integrity of Bank's information assets and helps maintain the technical mechanisms to ensure legitimate access (availability).
• Updates security related policies and processes as necessary for the bank's operations and coordinates the efforts related to its review, approval, and communication.
• Assists Information Technology Department in the implementation of the network and data center operations for the development of technology strategies and policy implementation.
• Works closely with the Information Technology Department on the resolution of BSP and Internal Audit findings and confirms the status of pending security-related audit findings and updates the Audit database accordingly.
• Coordinates closely with the Information Technology Department, Compliance, and Internal Audit to ensure adequate preparedness for pending information security-related audits and timely follow-up on relevant audit findings.
• Oversees the proper execution of the periodic review of technical privileged and regular user accounts to ensure all evidence is adequately maintained.
• Monitors the Systems Access Control database for accuracy and completeness and reports any discrepancies to the IT Department Head.
• Performs other responsibilities and tasks that may be assigned from time to time, depending on business needs.