Information Security Officer (Manager Level / Hybrid)

Role Overview:

The Information Security Officer (ISO) is responsible for overseeing the institution's information and data security. Reporting directly to the Risk Management Head, the ISO ensures the organization's security posture, including risk assessments and incident response, aligns with industry standards. Collaborating with IT and business leadership, the ISO ensures systems remain secure and compliant.

• Main Duties and Responsibilities:

• Policy and Procedure Development:

Design and implement information security policies and procedures aligned with laws and regulations.

• Stay informed about relevant legislation, regulations, advisories, and vulnerabilities.

Plan and schedule activities related to information security, including monitoring IT health checks and performing security reviews.

• Research and recommend security measures for new application programs

• Risk Assessment and Incident Response:

Develop and implement an active information security risk assessment program.

• Establish an incident reporting and response system to address breaches.

Identify recurring issues and initiate change requests for prevention.

• Manage risks to information assets confidentiality, integrity, and availability.

Ensure deviations from security policies undergo Root Cause Analysis (RCA).

• Education and Training:

Coordinate dissemination of security policies, standards, and procedures.

• Develop and deliver educational and training programs on information security.

• Compliance Monitoring:

Monitor compliance with security policies and procedures.

• Take corrective and preventive action as necessary.

• Policy Review and Update:

Conduct periodic review of the Information Security Manual.

• Incorporate updates in regulatory requirements and process changes.

• Additional Responsibilities:

Perform other tasks assigned by the Risk Management Head.

• Competencies and Attitudes:

Technical proficiency in IT Governance, Network Infrastructure, Systems Administration, Unified Threat Management, and Configuration Management Database Administration.

• Strong understanding of regulations and industry best practices.

Excellent problem-solving and analytical skills.

• Strong organizational skills.

• Education and Experience:

Minimum 5 years experience in Information Security, Information Technology, or related fields.

• Preferably licensed or certified (e.g., CISSP).

Excellent project management and communication skills.

• Ability to collaborate effectively across all levels of the organization.

Self-starter with the ability to work independently with minimal supervision.

Job Types: Full-time, Permanent

Pay: Php90,

• 00 - Php150,000.00 per month
  
  Benefits:
• Employee stock ownership plan

Health insurance

• Life insurance

Opportunities for promotion

• Promotion to permanent employee

Schedule:

• Day shift

Monday to Friday
Supplemental pay types:

• 13th month salary

* Performance bonus