Shall represent the bank in all cybersecurity matters and will be responsible for establishing and maintaining Information Security Management Program to ensure that the information assets are adequately protected. The ISM should be able to identify, evaluate and report the information security risks in relation to the bank's compliance and regulatory requirements, and should be able to align and support the risk posture of the institution. The manager
will proactively work with the company's different business units to implement practices that meet the standard of information security. They shall serve as the process owner of all assurance activities related to availability, integrity, and confidentiality of the customers, business partners, employees, and different business information in compliance with the organization's information security policies.
The specific tasks of the job are as follows:
Information Security Strategic Plan. Own and communicate a divisional roadmap for information security that is aligned with the risk appetite of the bank, and collaborate with the IT Network Manager in creating an overall security roadmap.
They should be able to develop, implement and monitor said plan in collaboration and assistance of the members from the headquarters. Alongside this, they shall establish the information security policies, standards, and guidelines of the bank.
Additionally, to maintain a knowledge database comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.
Risk Management. Managing risk by regularly assessing the vulnerability of the systems being used to cyber-attacks or other forms of security breaches. The manager should also establish a risk-based process for vendor risk management, including the assessment and treatment of risks that may result from partners, consultants, and other service providers.
Stakeholder Management. Build and maintain effective relationships with the bank's business stakeholders. The role should be able to maintain a strong communication within the business area and the business itself within information
security. Furnish a framework for roles and responsibilities regarding information ownership, classification, accountability and protection.
Compliance and Regulation. Coordinate with internal and external auditors regarding security assessments, ensuring that these assessments are compliant with the standards of Bangko Sentral ng Pilipinas. Along with this, they shall be