We need your expertise and knowledge in providing second line support for all aspects of the Group’s Information Security strategy and arrangements encompassing cultural, physical and technology elements throughout the business, with the primary focus being on Info Sec programme governance and oversight.
Working as part of the Group Risk and Compliance department, the second line Info Sec team interact regularly with the first line IT Security team, providing oversight, challenge and validation of operational controls and procedures. The role holder will work closely with business and technology teams to help articulate and communicate the Info Sec governance programme, identify risks and threats, and evaluate and help implement controls and improvements.
This role is critical for us to maintain our ISO 27001 certification as it applies to the Philippines jurisdiction. You will provide the training and awareness programme, including ownership of the compliance process, from assessing the threat landscape to developing the content and publishing training materials through corporate channels.
You will periodically carry out security testing activities (e.g. penetration testing, DR exercises) and manage response activities, as well as assisting with the audit and client management aspects of the Info Sec team. You will also need to help design more effective procedures for creating and facilitating the due diligence questionnaires.