Smart Communications

Cyber Security ISMS Validation and Audit Head

5-7 Years
  • Posted 5 hours ago

Job Description

Leads the enterprise-wide information security compliance strategy to ensure regulatory alignment, audit readiness, and continuous control improvement. Manages and supervises a team of compliance auditors, providing guidance and mentorship while overseeing audit governance and execution. Drives the development and implementation of audit programs and closure of compliance gaps, in collaboration with internal and external audit partners. Ensures compliance efforts align with industry standards and evolving regulatory requirements, while proactively monitoring developments to strengthen the organization's security posture and governance maturity.

Audit Issue Management and Resolution

  • Oversees audit-related activities, ensuring timely and complete resolution of all audit findings. Coordinates with relevant stakeholders to implement sustainable remediation plans that address root causes and prevent recurrence.

Remediation Oversight and Timeline Management

  • Ensures that all remediation plans are comprehensive, actionable, and executed within agreed timelines. Monitors progress and escalates risks to timely closure, reinforcing accountability and governance discipline.

Stakeholder Engagement and Compliance Closure

  • Partners with internal and external audit teams to drive the closure of compliance gaps of the Cyber Security Operations Group (CSOG). Facilitates cross-functional collaboration to ensure audit recommendations are fully addressed and compliance maturity is continuously improved.

Security Control Validation and Gap Management

  • Conducts independent validation of cybersecurity control processes. Identifies and tracks remediation of process gaps, ensuring that corrective actions are effectively implemented and aligned with industry best practices.

Information Security Compliance Auditing

  • Leads the execution of regular audits across the PLDT Group to assess compliance with the Corporate Information Security Policy (CISP) and other security controls, including but not limited to ISO/IEC 27001 and the NIST Cybersecurity Framework (CSF).

Regulatory Intelligence and Best Practices

  • Monitors evolving regulatory requirements and industry best practices to proactively enhance the organization's compliance posture. Ensures continuous improvement of audit methodologies and control frameworks.

Tool Management and Delivery

  • Leads the deployment, integration, and continuous enhancement of compliance tools that enforce security policies and support regulatory adherence through effective utilization, governance, and audit-aligned capabilities.

Project Management

  • Ensures timely and high-quality delivery of technical assessments for key information security initiatives, in collaboration with the Capability and Delivery team.

People Management

  • Provides timely, constructive feedback on staff and supervisor performance. Acts as a mentor and role model, fostering growth and development. Ensures the creation and execution of effective succession plans to build future leadership.

Operational Support

  • Provides leadership and support for additional duties and responsibilities as assigned, ensuring alignment with organizational priorities and operational excellence.

EDUCATION

Bachelor's degree in Information Technology, Computer Science, Engineering, Accountancy, or any related course/discipline.

WORK EXPERIENCE

  • Over 5 years of strong leadership in IT and cybersecurity, specializing in Information Security Management Systems (ISMS), audit practices, Governance, Risk, and Compliance (GRC), as well as regulatory, industry and international standards.
  • Demonstrated track record in leading enterprise-wide security audits and contributing to the management of compliance programs aligned with cybersecurity frameworks such as ISO/IEC 27001 and the NIST Cybersecurity Framework (CSF).
  • Strong capability in cross-functional collaboration, enhancing security control maturity, and maintaining alignment with evolving regulatory and industry standards.

Technical Skills

Experience in any of the following fields:
  • Implementation and auditing of Information Security Management Systems (ISMS)
  • Security control assessment and validation
  • Application of industry frameworks and standards, including the NIST Cybersecurity Framework, the ISO/IEC 27001 international standard, and SOX regulatory compliance.
  • Audit governance support, remediation tracking, and issue closure
  • Risk assessment and compliance reporting
  • Use of compliance monitoring tools (e.g., RSA Archer, ServiceNow GRC)
  • Data analytics for evaluating audit outcomes and control effectiveness
  • Documentation, audit trail management, and reporting
  • Cloud security compliance (e.g., AWS, Azure)

Job ID: 146142501