Chief Information Security Officer
He/She will ensure compliance with legal security practices.
Location: BGC, Taguig City
Work Setup: Hybrid
Department: Technology
Define and own a multi-year cybersecurity roadmap and key performance indicators focused on reducing cyber risk
Build and inspire a highly skilled and diverse Cybersecurity team. Foster a culture of trusted cross-functional partnership, service, and continuous improvement
Create quarterly, annual, and long-term cyber security and cyber risk management goals, articulate strategies, define metrics and provide necessary updates to executive leadership
Partner with leadership for the development, planning, and execution of major security initiatives. Support Yondu’s Secure Software Development Lifecycle
Collaborate with the SOC team and ISO 27001 Core team to establish appropriate security standards and provide an effective governance structure to ensure cyber compliance and accountability
Lead Security Incident Response, Third Party Information Security Assessment, Data Protection and Encryption, Identity & Access Management and Privileged User Access to protect customer and employee data
Define cyber security governance and control strategies for emerging technologies such as cloud & containerization, blockchain, etc.
Keep well informed of developing security threats, and proactively create strategies to understand and mitigate potential security problems that might arise from acquisitions or other big business moves
Other job-related activities may be assigned from time to time.
Related Work Experience - Key Industry certifications in Information Security, such as CISSP, CISM and CISA
Knowledge – Knowledgeable in security and operations processes.
- 15+ years of experience in Information/Cybersecurity in a public or large private technology company with a global customer base
- 7+ years people management experience with hands-on experience building diverse teams while promoting an inclusive organization
- A demonstrated knowledge of information security standards (e.g., NIST, ISO-27001), rules and regulations related to information security and data confidentiality (e.g., PCI, NIST, NSA) and other various security standards and policies
- A strong understanding of Cloud Security Model and key principles, such as CSPs' Shared Responsibility Models, Security and Infrastructure as Code, Preventive/Reactive Guardrails, Containerization, Server-less Computing, Continuous monitoring/drift detection, and the importance of end-to-end automation
- Strong interpersonal and communication skills with the ability to influence at all levels of the organization, while being able to simplify complex topics for understanding and critical decision making by Executive Management and the Board
- Ability to understand not only emerging industry trends as far as cyber security is concerned but also the landscape of emerging threats, making appropriate adjustments within the cybersecurity program