IT Security Manager
- Makati, Philippines
- Full time
- To oversee the operations of the Enterprise Operations Security solution by taking responsibility for developing, maintaining, and monitoring compliance with all Enterprise Operations Security policies and procedures.
- In charge of the Enterprise Operations Security Management function, providing line management, leadership and strategic direction for the function and liaising closely with other managers. Perform security risk analysis and risk management, manage security penetration and vulnerability testing, manage internal audits on enterprise operations security processes, controls and systems.
- Bring the organization’s Enterprise Operations Security risks under explicit management control through the Information Security Management System by establishing an enterprise security stance through policy, architecture and training processes. This will include the selection of appropriate security solutions, and oversight of any vulnerability audits and assessments and collaborating with the Enterprise Security Architects to deliver future improvements to the Press security posture.
- Leadership and strategic direction for the function, ranging from planning to activities expounding the value of Enterprise Operations Security.
- Liaises with and offers strategic direction to related governance functions (Physical Security/Facilities, Architecture (Security and Enterprise), Business Systems and Infrastructure, Business Platform Development, HR, Audit and Legal) plus senior and middle managers throughout the organization as necessary, on Enterprise Operations Security matters such as routine security activities, emerging security risks and control technologies
- Minimize or eliminate risk by developing policies and procedures that encourage secure working and protect data.
- Set up procedures and automated processes to monitor the status of computers and networks for unusual patterns of behavior
- Implementation of necessary Enterprise Operations Security policies, standards, procedures and guidelines, in conjunction with the Security Committee
- Assess the operational efficiency, compliance to industry standards, and effectiveness of the organization’s security design and strategies
- Leads the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies and applicable laws and regulations
- Leads or commissions suitable information security awareness, training and educational activities
- Leads or commissions Enterprise Operations Security risk assessments and controls selection activities
- Develop and manage global information security services that will provide the security functionality required to protect the organization’s information assets against unauthorized disclosure, modification, and destruction
- Develop and manage information security strategies that can adapt to the organization’s diverse and changing technological needs
- Work with the Business and Business Process owners to educate them on the threats, vulnerabilities, and available risk mitigation strategies
- Produce high quality process documentation that communicates security steps
- Help the architecture function maintain the Information Security Management System (ISMS), associated policies and supporting standards
- On an ongoing basis, manage day to day security requests and operations
- Manage all identity and access control processes for all internal systems (ITIL v3 Access management process owner)
- Manage identity and access for 3rd party collaborators, business partners and freelancers
- Report on key metrics across security function
- Manage user permissions and segregation of duties
- Review and document perimeter security functions
- Monitor and contribute to the management of all outsourced security services
- Monitor and escalate detected security incidents
- Help review root cause analysis of security incidents and recommend improvements
- To use consulting and analytic skills and information gathering techniques to investigate logical and physical solution architecture that span corporate IT systems
- Lead cross-functional Enterprise Operations Security projects
- Promote security awareness and education
- Technical experience in information systems architecture, design and development, physical and data security, telecommunication networks, auditing techniques, and risk management principles
- In-depth technical knowledge of information processing platforms, operating systems, and network in a global distributed environment
- Strong understanding of modern IT security threats and operational measures to counter them
- Knowledge of IT security frameworks, Risk Registers and methodologies
- Experience of web based technologies and platforms such as Azure and Amazon AWS
- Experience of working in a service management culture based on ITIL best practices and processes
- Knowledge of IT Security related software solutions, including identity management
- Experience of a broad array of different information security technologies, including firewalls, IDS/IPS solutions, data encryption, network access control, web/email filtering, anti-virus and security penetration testing
- Ability to document processes and procedures clearly, concisely, and for a range of target audiences
- Understanding of security related technologies including Active Directory, SAML, Kerberos, Windows/Linux infrastructure, ERP Platforms, Amazon AWS and Oracle security.
- CISSP/CISM or similar IT Security certification
- Experience in working within a book or journal publishing environment
- ISEB Principles of Information Security or similar certification
- Experience in database systems such as MS SQL Server, MySQL, Oracle, etc.
- Experience in web servers such as IIS, Apache
- Experience in ERP Solutions such as SAP
- Experience in Unix/Linux and Microsoft Operating Systems
- Development of Security Metrics
- Exposure to PCI-DSS standards and implementation
- Experience with ISO 27000 and PCI-DSS standards and exposure to Security Operations Center (SOC)
- ITIL v3 Foundation qualification