431191 | Security Governance, Risk & Compliance (GRC) Specialist (FT) - #100874

• Define, manage, and update the company's information security policies, standards, and processes in coordination with different business functions to protect infrastructure, business-critical data, and customer information.
• Ensure policies are consistently applied across the company and monitor adherence to the defined governance principles to ensure that expected value is delivered.
• Serve as an SME on information security regulations and advise employees and management on information security requirements and recommendations.
• Plan and deliver security awareness training and other awareness activities to the company’s employees.
• Develop and enhance relationships with Business and Technology stakeholders to understand current challenges and establish a GRC framework to manage risk and compliance levels.
• Coordinate and execute IT / IS risk assessments and reviews, providing risk-based recommendations and tracking the implementation of risk mitigation to completion.
• Work with the Tech team to develop and test IT business contingency and disaster recovery plans.
• Liaise directly with Compliance and various backend Technology teams on regulator inspection, regulatory reporting, external audit, security certificate programs, and internal audit projects to ensure compliance with financial regulations.
• Coordinate and perform compliance activities and checks.
• Conduct and manage external security due diligence checks and 3rd security risk management program that covers onboarding to offboarding.
• Communicate and report to management, present security risks, and recommendations in Risk Management Committees (RMC).
• Manage and track the company's overall security program, projects, and KPIs against the defined security roadmap and framework.

Job Qualifications:

• BS/MS in Computer Science / Cybersecurity with 5 years and above relevant experience in cyber security or information technology risk management in the banking / financial industry.
• Proven experience in running security compliance programs.
• Experience maintaining information security standards and regulations such as NIST CSF, PCI DSS, ISO27001, GDPR, Philippines BSP, MAS TRM, and other regulations.
• Excellent relationship-building and communication skills with the ability to engage people from diverse cultures and different levels.
• Strong stakeholder management skills, with regional experiences to leverage regional knowledge and resources.
• Excellent planning and organizational skills with an ability to meet tight deadlines.
• Good knowledge of cloud computing, networking, OS, and its security aspects.
• Proficient in English and Mandarin is a must to communicate with stakeholders from within the organization.
• CISSP, CISA, and CRISC certifications will be an added advantage.

What we Offer:

• Hybrid work set-up, with offices located in Ortigas, Pasig, and BGC.
• Friendly geo-distributed team of experienced professionals, who happily joined us after working in well-known IT/product companies and perspective startups.
• Work and collaborate effectively with cross-functional compact teams that are constantly improving their tools, pipelines, and working environment.
• Customer-driven development: We don't develop features without listening to our customers, each step makes the product more convenient, useful, secure, and reliable for our users.
• Professional growth: We invest time and money in your career by sponsoring IT conferences, courses, and training.
• Paid medical insurance, and technical equipment at choice.
• Paid Sick and Vacation Leaves upon regularization.

Other Details:

• Salary Budget: PHP 250,000.00 per month
• Work Set-up: Hybrid (Pasig City)
• Education Background: Graduate of Bachelor of Science in Information Technology/ Computer Science
• Years of Exp.: 5-8 years of Relevant experience
• Non-negotiable: Security Governance, Risk, & Compliance (GRC) experience