The Information Security Risk Officer is responsible for identifying, analyzing, and managing information security risks in alignment with ISO 27001, and other relevant standards. This role supports the development and maintenance of the organization's Information Security Management System (ISMS) by providing risk insights, driving mitigation strategies, and ensuring compliance with applicable regulatory and contractual obligations.
- Key Responsibilities
- Conduct information security risk assessments on systems, processes, vendors, and projects in accordance with ISO 27001 and other recognized risk management frameworks.
- Identify, evaluate, and document information security risks and recommend appropriate mitigating controls.
- Develop and maintain the organization's information security risk register, ensuring timely updates and tracking of risk treatment actions.
- Support risk owners in developing and implementing risk treatment plans and control improvements.
- Coordinate and facilitate risk reviews, including annual reassessments and reviews triggered by significant changes.
- Collaborate with stakeholders across business units to promote a risk-aware culture and improve understanding of risk management practices.
- Contribute to policy development and participate in ISMS planning and continuous improvement activities.
- Stay current with developments in information security risk management, threat landscapes, and emerging technologies.
Qualifications and Experience
- Bachelor's degree in Information Security, Risk Management, Computer Science, or a related discipline; professional certifications such as CRISC, ISO/IEC 27005 Risk Manager, CISSP, or CISM are preferred.
- Minimum 3-5 years of experience in information security, risk management, or compliance roles.
- Solid understanding of information security risk assessment methodologies.
- Experience in maintaining a risk register and developing practical mitigation strategies with
- cross-functional teams.
Key Competencies and Skills
- Strong analytical skills and the ability to identify and assess complex information security risks.
- Excellent interpersonal and stakeholder engagement skills.
- Effective written and verbal communication, especially in producing risk reports and presentations.
- Ability to prioritize and manage multiple tasks in a dynamic environment.
- Attention to detail and a structured approach to problem-solving.
- Commitment to professional development and continuous improvement in the field of information security risk.
About DigiPlus Interactive Corp.
DigiPlus Interactive Corp. pioneered digital entertainment in the Philippines. It introduced leading platforms BingoPlus and ArenaPlus, widely known for their engaging experiences in interactive gaming and sports entertainment. DigiPlus also operates GameZone, with more to come. For more information, visit: www.digiplus.com.ph.
