
About the Job:
The position is primarily responsible for leading the development of the bank's information security policies and technology risk framework, and for coordinating activities associated with identifying, evaluating, and treating information security and technology risks. The position is also responsible for providing relevant information and expert advice to senior management concerning the bank's information risk profile and the status of information risk treatment to prevent data breaches.
Duties and Responsibilities:
A. Information Security Risk Management
1. Oversees the implementation of information security strategic plan with structured control
standards to maximize the utilization of resources and mitigate the risk exposures of the
bank.
2. Monitors and evaluates the quality assurance of various security infrastructure baselines to
ensure a secured operational environment for the processing facilities and connected
services of the bank.
3. Acts as a liaison on information security matters to all units of the bank.
4. Coordinates and directs specific actions that will provide a secure and stable information
system environment consistent with the bank security policies.
5. Creates and periodically modifies technical standards and standard operating procedures
which support the information security policy of the bank.
6. Develops and maintains user access models.
7. Ensures that new bank products, services and systems comply with security policies
and standards before implementation.
8. Administers adequate controls to safeguard critical bank information assets during system
implementation or migrations.
9. Reviews compliance with regulatory requirements and internal control standards.
10. Heads information incident handling. Requests approval for an external consultant to
review security-related projects, if necessary.
B. Information Security Risk Assessment
1. Performs bank product evaluation and participates in in-house system development projects.
2. Assists in control implementation, investigates information security breaches, and performs
other activities to assure a secure information handling environment.
3. Conducts bank IT risk assessments, with a detailed evaluation of the information security risks
currently facing the bank and recommended actions to be taken.
4. Directs an independent internal vulnerability assessment and penetration testing upon
approval by senior management.
5. Spearheads the information security awareness programs.
C. Management Leadership
1. Recommends plans, programs, budget, and performance targets of the department.
2. Plans, directs, and coordinates all activities in the department to reach maximum level of
employee productivity throughout the workforce.
3. Provides upfront leadership in supervising all direct and indirect reports and planning for
their career advancement and aspirations.
4. Supervises and evaluates the performance of all direct reports.
5. Approves/schedules all vacation leaves of all direct reports.
D. Others
1. Makes recommendations on matters pertinent to business operations and other related
activities.
2. Participates actively during staff meetings, training programs and other professional
development work.
3. Performs other related duties as assigned.
Job Specific Competencies
A. Information Security Management and Risk Assessment.
B. Knowledge of information security standards, systems, and controls.
C. Knowledge of Bank Control Standards.
D. IT Risk Management.
E. Analytical Thinking.
F. Problem Solving and Decision Making.
G. Planning and Organizing.
H. People Management.
I. Coaching and Mentoring.
Requirements:
Education: Graduate of any computer-related or math-related degree
Experience: At least five (5) years of work experience in managing information security in any related industry.
Specific Knowledge: Information Security Management and Risk Assessment, Knowledge of information security standards, systems, and controls.
Job ID: 146595111