Job Description

Information Security Officer

Bagong Ilog, Pasig City Full-time
Core Function:
The Information Security Officer acts as staff to the CEO and Board of Director’s Corporate Compliance Committee by monitoring and reporting results of the compliance/ethics efforts of the company and in providing guidance for the Board and senior management team on matters relating to compliance. The Info Sec Officer, together with the Corporate Compliance Committee, is authorized to implement all necessary actions to ensure achievement of the objectives of an effective compliance and information security program.

• Candidate must possess at least a Bachelor’s/College Degree in Information Technology or any related course
• At least 5 - 10 year’s work experience including demonstrated leadership
• Must be able to communicate ideas well
• Excellent presentation skills with experience presenting to Executive level management
• Superb technical and report writing skills
• Excellent English communication

Duties and Responsibilities:
Develops, initiates, maintains, and revises policies and procedures for the general operation of the Compliance Program and its related activities to prevent illegal, unethical, or improper conduct. Manages day-to-day operation of the Program.
Develops and periodically reviews and updates PCI Standards to ensure continuing currency and relevance in providing guidance to management and employees.
Collaborates with other departments (e.g., Risk Management, Internal Audit, Employee Services, etc.) to direct compliance issues to appropriate existing channels for investigation and resolution. Consults with the Corporate attorney as needed to resolve difficult legal compliance issues.
Responds to alleged violations of rules, regulations, policies, procedures, PCI Standards of Conduct by evaluating or recommending the initiation of investigative procedures. Develops and oversees a system for uniform handling of such violations.
Acts as an independent review and evaluation body to ensure that compliance Issues/concerns within the organization are being appropriately evaluated, investigated and resolved.
Monitors, and as necessary, coordinates compliance activities of other departments to remain abreast of the status of all compliance activities and to identify trends.
Identifies potential areas of compliance vulnerability and risk; develops/implements corrective action plans for resolution of problematic issues, and provides general guidance on how to avoid or deal with similar situations in the future.
Provides reports on a regular basis, and as directed or requested, to keep the Corporate Compliance Committee of the Board and senior management informed of the operation and progress of compliance efforts. Ensures proper reporting of violations or potential violations to duly authorized enforcement agencies as appropriate and/or required.
Establishes and provides direction and management of the compliance Hotline.
Institutes and maintains an effective compliance communication program for the organization, including promoting (a) use of the Compliance Hotline; (b) heightened awareness of Standards of Conduct, and (c) understanding of new and existing compliance issues and related policies and procedures.
Works with the Information Technology department as appropriate to develop an effective compliance training program, including appropriate introductory training for new employees as well as ongoing training for all employees and managers.
Monitors the performance of the Compliance Program and relates activities on a continuing basis, taking appropriate steps to improve its effectiveness.

Deliver and lead complex PCI projects, including but not limited to:
• PCI Level-3 assessments
• PCI remediation consulting
• Report writing (ROC, Gap Analysis, etc.)
• Technical evidence and policy review
• Providing direction to other personnel involved

Have one of the following certifications:
• Certified Information System Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• GIAC Systems and Network Auditor (GSNA)
• Certified ISO 27001, Lead Auditor, Internal Auditor
• International Register of Certificated Auditors (IRCA)
• Information Security Management System (ISMS) Auditor
• Certified Internal Auditor (CIA)

Have one of the following certifications in the last twelve months:
• PCI QSA (PCI Qualified Security Assessor)
• PA QSA (Payment Application Qualified Security Assessor)
• P2PE QSA (Point to Point Encryption – Quality Security Assessor)
• P2PE PA QSA (Payment Application Point-to-Point Encryption Qualified Security Assessor)

*Please note your resume should only be .PDF or Word document. No other formats are accepted. **Due to a high volume of applicants, only successful candidates will be contacted.