Information Security Manager – Fast Growing BPO
Client is a customer service and business process outsourcing company. We are currently hiring for an Information Security Manager / Data Protection Officer (DPO) who will be responsible for the overall management and oversight of data protection strategy and implementation by personal information controllers (PIC) and personal information processors (PIP) as well as compliance with the DPA, its Implementing Rules and Regulations, related issuances of the National Privacy Commission (NPC), and other applicable laws and regulations pertaining to data privacy and security such as GDPR.

DUTIES & RESPONSIBILITIES
- Monitor compliance with the Data Privacy Act, issuances and guidelines by the National Privacy Commission.
- Serve as a contact person of government entities and private individuals relating to all matters concerning data privacy and security issues or concerns.
- Inform, advise, and issue recommendations to management relating to data processing activities
- Check the compliance of third-party service providers that use the data of the organization and its customers, as well as compliance with any related Data Sharing Agreement and other contractual obligations.
- Conduct Privacy Impact Assessments with regard to the organization’s internal systems as well as its products and services.
- Handle questions and complaints addressed to the organization from the data subjects relating to their information being held by the organization.
- Prepare and create an incident management system, and submit relevant documents to the NPC in the event of a suspected or actual data breach.
- Set enterprise-wide vision, strategy, and roadmap for information security
- Develop information security policies, standards and guidelines in line with recognized international standards such as ISO27001 and PCI
- Establish and operate the information security infrastructure and toolset
- Drive regular identification and remediation of vulnerabilities
- Identify critical assets and ensure tiered risk-based protection across the footprint
- Ensure that security processes (including those of external service providers) are conducted in line with corporate social responsibility, environmental and technical policies and applicable standards and legislation.
- Implement and manage information and cyber security management status reporting, metrics, and benchmarks.
- Strategically develop and manage relationships with major vendors and service providers to ensure they cost-effectively meet the needs of the organization

QUALIFICATIONS
- Bachelor’s Degree in Computer Science/Business Administration/Information Technology or related field.
- Holds relevant industry certifications (CISSP, CISM, CISA).
- Minimum of 5 years of Information Security experience is required.
- Knowledge and skill in applying data privacy or data protection guidelines.
- 5 years managing IT, information security, or risk teams with a record of success indicated by career advancement.
- Strong familiarity with relevant information security frameworks (ISO27001, NIST, CIS 20).
- Proficient in MS Office applications (Excel, Word, PowerPoint)
- Must be a critical thinker and analytical
- Superior organizational skills and attention to detail
- Team player who works productively with a wide range of people