The position is responsible for the governance, execution, implementation, validation, assessment, testing, and monitoring of the Jollibee Group's Technology and Information Security Framework, Controls, and Policies. The position owns enterprise and functional risk and controls assessments, internal control documentation, and business continuity planning related to IT controls and security processes.
The position serves as the governance and improvement expert for technical and security initiatives, provides consulting and advisory on information security requirements, and acts as a key driver of the Global Information Security Policy (GISP). It works closely with Business Technology and Digital Technology across regions and partners with the Compliance Officer for Privacy (COP DPG) to support the DPO's global obligations, ensuring alignment between security and privacy standards.
Key Responsibilities
Global Information Security Governance, Risk & Incident Management
- Establish and maintain a General IT Controls, Information Security, and Cybersecurity Assessment Framework for business strategies, mergers and acquisitions, and transformation initiatives, aligned with the Group's GRC capabilities.
- Design, lead, and execute global and regional information security, IT controls, and cyber maturity assessments, including remediation action plans and glidepaths.
- Lead enterprise, functional, and risk-based IT controls and security assessments, audits, and due diligence activities.
- Support and help orchestrate the Global Information Security Council, including objectives, accountability, and cross-regional alignment.
- Drive cross-regional standardization and capability rationalization to address identified security and control risk areas.
- Orchestrate incident management, documentation, monitoring, and follow-through, in coordination with COP DPG for privacy-related incidents.
Global Information Security Policy Ownership
- Serve as owner of the Global Information Security Policy (GISP) and related standards, including periodic industry and regulatory appraisal, updates, and content management.
- Interpret and operationalize policy requirements to ensure consistent implementation across regions and functions.
- Drive policy compliance and cascading of standards into functional and operational procedures.
- Design and implement compliance sweep methodologies in partnership with Internal Audit.
- Prepare and deliver executive presentations on security risk posture, remediation plans, and control effectiveness.
- Act as Level 1 escalation point and advisor for global information and cybersecurity matters.
Technology Governance & Continuous Improvement
- Conduct periodic review of IT controls and security policies in coordination with Business Technology, Digital Technology, and Internal Audit, ensuring alignment with global standards (e.g., ISO, NIST, COSO).
- Serve as first-level reviewer of operational security and controls policies to ensure alignment with GISP and governance standards.
- Partner with business functions to proactively identify and mitigate security and control risks.
- Drive change management and continuous improvement initiatives, including process optimization and project management as needed.
Enterprise Education, Project & People Management
- Lead information security awareness, training, and compliance programs, including mandatory GISP e-learning and annual renewal requirements.
- Co-lead Information Security and Data Privacy Month initiatives with COP DPG.
- Develop and conduct enterprise-wide and function-based information security trainings, webinars, and executive briefings.
- Champion the rollout and adoption of IT controls and information security policies.
- Lead or support security-related projects across regions and functions.
- Manage and develop team members and consultants, driving performance, talent development, and a strong compliance culture.
Job Qualifications
- College graduate in Business Management, Accounting, Finance, or IT-related courses.
- At least 9 to 12 years of experience in Information Security Operations, Audit, Advisory, or Governance.
- Preferred background in FMCG, Food & Beverage, Banking, Financial Institutions, or IT risk/cybersecurity consulting.
- Basic coding and DevOps knowledge; IT Audit/Governance experience preferred.
- Master's degree or relevant certifications (CIA, CISA, CICA, CIPP, PMP, ITIL, Lean Six Sigma) are a plus.
- Willing to work in Ortigas, Pasig (Hybrid Work Setup).