Information Security Officer (Governance)
Makati, Philippines
3d ago
  • The Governance Section Officer shall be responsible for the establishment, implementation and maintenance of information security within the bank.
  • Assists the Section Head in monitoring the bank-wide information security (IS) program.
  • Implements the Information Security Strategic Plan and Information Security Program of the Bank
  • Develops, reviews, updates and implements the IS policy, standards, guidelines and procedures
  • Handles policy exceptions
  • Conducts bank-wide security risk assessments of information assets (ISRA)
  • Analyzes information security risks for all the bank’s initiatives and operations
  • Ensures that the level of protection implemented for information assets is verified against the requirement of information asset classification guidelines
  • Consolidates the information asset inventory and ensures appropriateness of classification
  • Develops, deploys, and measures the bank-wide Information Security Awareness Program in coordination with the other groups (e.g., HRD, IT, etc.)
  • Coordinates with the information asset owners and system administrators to determine the appropriate access rights to be given to bank personnel
  • Reviews the creation, modification and deletion of user accounts and access rights of users to specific information systems
  • Establishes and agrees on the information security requirements with each third party that processes the Bank’s information assets
  • Conducts compliance / audit checks for third parties
  • Coordinates with the DPO in identifying and monitoring data privacy requirements
  • Defines security performance metrics
  • Collates information for periodic security performance metrics for submission to management.
  • Monitors any updates to information security-related legal, third-party, regulatory or audit requirements and ensures that these are cascaded bank-wide.
  • Must be knowledgeable in banking operations and controls
  • Must have at least 1-3 years of experience in handling Information Security Management (ISMS)
  • Must have a working knowledge of the ISO 27001 and 27002 standards
  • Must have experience in developing policy and standard requirements based on known standards and best practices.
  • Must have knowledge of Information Security Risk Assessment
  • Must have experience in delivering training (e.g. new employee orientation)
  • Must be assertive in implementing control policies, guidelines and procedures
  • Control-oriented individual with highly-developed analytical ability
  • Must have good written and verbal communication skills
  • Must have integrity, combined with high personal and professional standards
  • Must have the ability to work well both independently and collaboratively as a member of the team.