Lead, Governance, Risk & Compliance (GRC)

Makati, Metro Manila, Philippines Information Security & Data Protection Office

JOB PURPOSE:

• The Lead - Governance, Risk & Compliance (GRC) will serve as a critical member of the GRC department within the Governance & Assurance Division, reporting directly to the Head of GRC.
• This role is responsible for executing information security governance, risk management, and compliance initiatives, ensuring the organization's adherence to industry standards and regulatory requirements.

DUTIES & RESPONSIBILITIES:

• Governance Excellence
  • Implement and enhance information security governance frameworks in alignment with organizational objectives.
  • Drive initiatives to establish and maintain effective IS governance structures, ensuring clarity and accountability.
• Lead the identification, assessment, and prioritization of information security risks and performance metrics.
• Develop and implement risk management action plans to safeguard organizational assets and information.
• Compliance Oversight
  • Ensure adherence to relevant regulatory requirements and industry standards through periodic monitoring.
  • Conduct periodic compliance audits and assessments, providing actionable recommendations for improvement.
• Policy Development and Implementation
  • Develop, update, and communicate information security policies and standards.
  • Ensure comprehensive understanding and adherence to established policies across the organization.
• Training and Awareness
  • Implement programs to educate and raise awareness among staff regarding information security policies and best practices.
  • Collaborate with the training department to design targeted security awareness training sessions.
• Collaborate with the incident response team to ensure seamless integration of GRC initiatives into incident response planning.
• Assist in the development and maintenance of incident response plans related to governance and compliance

QUALIFICATIONS:

• BS/BA in ICT, Computer Science, any related field and equivalent work experience
• At least (2) Professional Security certifications (e.gs., CISSP, CISM)
• PCI-DSS, ISO27001, NIST Cybersecurity Framework, Data Privacy program implementation experience
• Experience working in security at a banking industry or similar environment
• Must have experience in managing small to mid-size team. Demonstrable people leadership skills.
• Excellent verbal and technical writing communication skills.
• Work experience in Information Security, Network Security, IT Security, Cybersecurity, IT Risk Management, or related role.