Information Security Manager  

Why We Exist

The most awarded digital bank in the Philippines & the fastest growing bank in ASEAN.

We entered the Philippines market to spark the future-ready, customer-obsessed transformation in the financial services sector. Since our launch, we have rallied behind the vision of bringing an accessible and seamless banking experience to the consumers while helping them achieve financial freedom. We aim to be the most trusted digital bank for every Filipino.

The People & Culture

We call ourselves CIMB Mavericks - unique individuals who are thriving in a fast-paced and highly competitive environment. Everyone who joins CIMB Bank is not afraid to own big responsibilities and are very persistent in creating new ways to achieve our goals. Aside from looking after our own successes, we embody malasakit and ensure that we also take care of our colleagues’ feat. Every day we are fueled by our shared purpose. To top it off, we thrive in a modern work environment which allows us to be fun to the core.

Key Responsibilities

1. Provide sound direction, guidance, advice, and consultation to business units concerning Technology and Information Security risk.
2. Develop policies, procedures, or guidelines to ensure the security and privacy of information and computer systems.
3. Lead third-party assessments to adhere to the company’s controls over Outsourced Service Provider, including IT due diligence, data privacy, and cyber resiliency.
4. Participate in IT projects to implement baseline security requirements for a network, Operating system, databases, and other IT appliances to support banking systems.
5. Perform periodic compliance review over Information Security to evaluate the adequacy and effectiveness of the overall information security control posture and data privacy.
6. Research on the latest threats and vulnerabilities and, where appropriate, advise the Technology team on the mitigation and remediation.
7. Review, assess, and perform penetration tests and vulnerability assessments on information systems and infrastructure.
8. Participate in investigating any security violations by providing post-mortem analysis to illuminate the issues and possible solutions.
9. Facilitate Information Security Awareness to new and existing employees and consultants regularly.

Qualifications

• Relevant degree or equivalent from a recognized University
• Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or Certified Information Systems Security Professional (CISSP) is a must
• ITIL, ISO27001, and COBIT Certification are preferred
  

Relevant degree or equivalent from a recognized University

• Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or Certified Information Systems Security Professional (CISSP) is a must
• ITIL, ISO27001, and COBIT Certification are preferred
  

Relevant Work Experience

• With at least 5-8 years of working experience in a compliance function, preferably at the managerial level.
• With significant experience gained in the banking sector and preferably focus in information security, data privacy, risk management, legal, audit, operations, etc.