Job Summary:
Responsible for establishing an enterprise-wide strategy and program to ensure information assets of the RCBC group are adequately protected.
How will you contribute:
- Develops and executes an information security strategy and program aligned with business objectives.
- Enforces compliance with the information security program (ISP) and the corresponding policies, standards, and procedures across the Bank.
- Establishes information security policies, standards, and procedures for information security risk management.
- Develops and implements an information security awareness program.
- Conducts security awareness and training programs catered to different sets of stakeholders.
- Reviews compliance with information security policies, standards, and procedures.
- Oversees the process for detecting, analyzing, and responding to information security incidents.
- Assesses effectiveness of information security controls.
- Coordinates and works with business process owners and executives across different departments to ensure that information security requirements support business needs and security systems and processes are working as intended.
- Keeps senior management and the board of directors apprised of information security risks.
- Educates, informs, and reports to the Chief Risk Officer (CRO) and Senior Management on relevant information security issues and concerns.
- Prepares policies for certain information security technologies, products, and arrangements for Board approval.
- Keeps abreast of updates on BSP policies as stipulated in the Manual of Regulations for Banks (MORB) and Bank policies as specified in the Money Laundering and Terrorist Financing Prevention Program (MTPP) through circulars and required seminars/programs, and adheres to said policies.
What will make you successful:
- Graduate of any Business-related course
- Must have experience in information and IT risk management as well as information security functions, and be knowledgeable about existing information security standards and best practices
- At least five (7) years' experience in risk management and information security
- At least ten (10) years' experience in information technology governance (including, but not limited to, development, implementation, maintenance)
- Certifications: Preferably CISM, CISA, and/or CRISC or related certifications from internationally recognized institutions/organizations