Job Description

About Security Bank

We are the Philippines’ largest independent bank, having won countless awards over the years including the most prestigious industry award in both 2015 and 2016—the Bank of the Year – Philippines by The Banker.

We’re changing how people bank. From the moment customers enter our branches to their experience online, we make them feel valued and empowered.

Now, with more than 300 branches spanning the country, BetterBanking has become the gold standard in improving the banking lives of millions of Filipinos. But we’re far from done.

In our constant pursuit of excellence and improvement, we create teams that support our business and each other.

The Role

As Security Governance Manager, you will ensure that the department members with security duties and responsibilities across the SBF are aligned and driving toward the desired organizational control objectives and consistent methods and solutions

How you’ll contribute

• Ensure the development, dissemination, implementation, review, and updating of security policies, processes, standards, strategy, framework, flowcharts, roadmap, and blueprints are aligned to the company’s business risks and threat models including the applicable legal and regulatory compliance requirements
• Perform cybersecurity governance and create an architecture that ensures SBF’s security programs are aligned with business objectives and compliant with regulations and standards to ensure the security and protection of internet-connected systems such as hardware, software, and data from cyber threats
• Drive cross-organizational collaboration and teamwork in integrating information security controls into business processes and operations through an information security program and risk management process
• Ensure that an enterprise-wide information security risk assessment is conducted within the context of the organization, implementation of risk register and treatment plans, development of metrics, and its periodic monitoring and measurement
• Ensure information and cybersecurity vulnerabilities and control gaps are properly documented and periodically assessed and analyzed to maintain risk to an acceptable level
• Seek out and implement process improvements intended to simplify and improve the efficiency, effectiveness, and relevance of information security management systems across the organization including enhancement of security controls to address security weaknesses or failures encountered
• Manage the resolution and escalation of issues, incidents, and concerns of department members and ensure timely escalation to the Department Head regarding critical or sensitive issues
• Responsible for the strategic creation of departmental vision, culture, and performance standards as well as overseeing its implementation and adoption driving employee engagement
• Lead the periodic conduct of information security governance review meetings and reports to management
• Act as a point of contact between the Information Security Department and other internal and external stakeholders for matters related to information security management
• Oversee the review and refresh of the information security governance collaterals such as but not limited to documented policies, standards, strategies, programs, awareness campaigns, checklists, metrics, etc
• Collect feedback from stakeholders periodically to drive service improvements and security enhancements
• Ensure the inclusion and implementation of appropriate security controls in the design and development of new projects and/or key changes and the conduct of vetting processes to ensure adequate mitigation of vulnerabilities

What we’re looking for

• Bachelor’s Degree in BSIT, Computer Science, or related field
• At least 5 yrs experience relevant experience from Banking/Lending Companies/Fintech
• Experience working in security at a Financial Technology Company or similar environment.
• Leadership skills to drive large-scale complex programs with high collaboration and leadership.
• Outstanding communication and cooperation skills with the ability to articulate complex issues.
• The ability to analyze problems and make appropriate decisions and resolutions accordingly.
• Ability to deal with ambiguity and willingness to learn new skill-sets while delivering.
• Knowledge of industry standards such as but not limited to PCI-DSS, ISO27001, AWS Best Practice, NIST Cybersecurity Framework, and Data Privacy Act.