Technology

Information Security Compliance Officer

Associate Level   •   Talomo, Davao City

Job Description

Responsible for overseeing information security, cybersecurity and IT risk management programs based on industry-accepted information security and risk management frameworks. Improve and communicate the maturity levels of information security, state of cybersecurity and IT risk practices across Entrego.

Key Responsibilities and Duties
  • Ensure standard parameters of systems and network used by Entrego is within best practices
  • Coordinate the continuous development, implementation and updating of security and privacy policies, standards, guidelines, baselines, processes, and procedures in compliance with local regulations and standards.
  • Develop and manage the frameworks, processes, tools, and consultancy necessary for IT to properly manage risk and to make risk-based decisions to IT activities.
  • Proactive identification and mitigation of IT risks as well as responding to observations identified by the third-party auditors while assisting in the development of periodic reports and presenting the level of controls compliance and current IT risk posture.
  • Assist Entrego with the audits and facilitate management response and remediation efforts.
  • Ensure overall IT compliance with regulatory requirements through proactive planning and communication, ownership, and relationships.
  • Identify acceptable levels of residual risk and assist with action plans, policy, and procedural changes for risk mitigation. Provide strategic recommendation to key IT projects to help improve project results, quality of deliverables, risk optimizations security processes and compliance with regulations.
  • Facilitate information security management education and training including user awareness programs.
Requirements
  • Bachelor’s degree in computer science or Information management
  • Experience in risk, compliance, and information security policy
  • Knowledge of laws and regulations including but not limited to RA10173 or the Data privacy Act of 2012
  • Experience with development of cybersecurity educational and awareness programs
  • Excellent organizational and communication skills (both oral and written)
  • Knowledge of information security processes and controls including risk and control frameworks
  • Candidates should have experience in the following:
    • NIST Frameworks
    • ITIL v4 best practices
    • IT security and control best practices
  • ​Skills and Certifications that are good to have but not required:
    • Certification in information security
    • Advance knowledge in OSI framework
    • ITIL v4 Certified
Please note that only shortlisted candidates will be notified for next steps. Rest assured that your application is kept in our active pool for reference.
 

Application Process

1 Resume Screening


2 Online/Phone Screening


3 Onsite assessment and interviews