Information Security Officer

Job Summary:

The Information Security Officer (ISO) is responsible in implementing and managing Information Security across OMLF Group

• Formulates, reviews and updates the Information Security Strategic Plan (ISSP) and Information Security Program (ISP) of the Information Security Office and recommends/obtains approvals from the ITSC, ROC and from the Board when necessary.
• Implements and manages the duly approved ISSP and ISP
• Prepares business cases for certain security control technologies, products and arrangement for Senior Management and Board of Director’s approval
• Educates, informs and reports to the Senior Management and Board of Directors relevant security issues and concern
• Enforces compliance to the Information Security policies, standards, procedures and guidelines for the Company
• Develops and updates Information Security policies, standards, procedures and guidelines for the Company
• Communicates Information Security policies, standards, procedures, and guidelines to all business units
• Directs the daily activities of the Information Security Office ensuring that the functions and responsibilities of the unit are met and information security policies and controls are implemented.
• Reviews Information Security Awareness Training materials, HR Training Unit shall ensure that information security policies, standards, procedures, and guidelines are properly communicated and understood across the company
• Conducts enterprise Information Security Risk Assessment
• Monitors threats and vulnerabilities to ensure enterprise-level business continuity
• Reviews access privileges assigned to individual users to ensure that access given to an authorized user is within the scope of his/her defined access matrix and/or job function
• Reviews logs from the firewall security, servers and system application for any security-related incidents and breaches
• Reviews security vulnerability assessment of servers, network components and other related technology infrastructure
• Reviews the Risk Self-Assessment (RSA), Business Impact Analysis and Departmental Business Continuity Plan of the Information Security Office.
• Reviews the draft of contracts, licenses, and agreements entered into by OMLF with concerns to Information Security.
• Reviews and recommends the security requirements for new systems and applications, systems under major revision, or newly acquired systems subject for promotion to production.
• Performs all other related duties as may be assigned by the President from time to time
• Reviews the Minimum Baseline Security Standard configuration to OMLF systems, applications and network devices periodically.

Others:

• Acts as secretary of the Information Technology Steering Committee (ITSC)
• Acts as assistant secretary of the Business Continuity Management Committee (BCM Committee)
• Performs such other functions as may be required by the Credit Risk Management Department Head from time to time

Qualifications:

• Bachelor’s degree in Computer Science, Information systems or cybersecurity or related field
• Proven track record of at least 7 to 10 years’ experience in information security, risk management, incident response, vulnerability assessment, networking, server administration, and project management is preferred
• Solid understanding of security frameworks, operating systems, and network protocols
• Experience in a leadership role, such as managing a team or developing security programs
• Experience with incident response protocols and security breach management is essential
• Ability to analyze security risks, identify vulnerabilities, and develop effective solutions
• Strong written and verbal communication skills