Duties and Responsibilities
· Participates in implementing the Technology/IT Risk Management Framework and Plan across the organization, covering IT and OT environments.
· Participates in developing and implementing the technology/IT risk policies and procedures of the various groups.
· Participates in performing independent Technology/IT Risk Assessments and Risk Management Process.
· Collects and validates data that measure key risk indicators (KRIs) to monitor and communicate their status to relevant stakeholders for their decision-making process.
· Participates in preparing Technology/IT Risk Management and/or DPA Reports and Materials for the organization to ManCom, ExeCom and BOD on relevant internal Technology/IT risks.
· Participates in evaluating the effectiveness of the existing Technology/IT Risk Management processes, in identifying improvement needs and in recommending improvement measures.
· Participates in developing, reviewing, implementing, monitoring and overseeing the Information Security Management System (ISMS), including Cybersecurity standards, policies and procedures of the organization.
· Participates in managing the conduct of the Technology Risk, Information Security and DPA awareness/orientation program.
· Acts as the DPO of the organization for further compliance with the Data Privacy Act (DPA) and applicable laws and issuances of the National Privacy Commission (NPC).
· Assists the Group DPO in managing the DPO Council in meeting its objectives.
· Graduate of B.S. Computer Science, B.S. Computer Engineering or B.S. Information Technology
· At least 5 years of experience in handling information security
· Strong experience in IT Policy making and governance
· 5 years of experience in managing risk and security
· Must have experience as a Data Privacy Officer
· Must be ISO 27001 Certified