
Sr. Manager - InfoSec Risk & Compliance

Sutherland

Pampanga

Hybrid

PHP 400,000 - 600,000

Full time

Today

Job summary

A global consulting firm in Pampanga is seeking an experienced Senior Manager – InfoSec Risk and Compliance to lead and manage the organization's security and compliance framework. This role involves developing policies, assessing risks, and ensuring regulatory compliance. The ideal candidate has over 10 years in risk management and cybersecurity, along with relevant industry certifications.

Job description

Job Title: Senior Manager – InfoSec Risk and Compliance

Department: Risk & Compliance (INFOSEC)

Reports to: Senior Director – InfoSec Risk and Compliance

Location: Clark (Hybrid)

Job Summary:

The Senior Manager – Risk and Compliance is responsible for leading and managing the organization's security and compliance framework. This includes developing policies, assessing risks, ensuring regulatory compliance, and working with senior leadership to support strategic objectives while maintaining risk within acceptable levels. This role oversees the development, implementation, and monitoring of security measures to protect information assets, infrastructure, applications, and data from cyber threats. The position collaborates with IT, legal, compliance, and business units to ensure alignment with regulatory requirements and risk management frameworks.

Key Responsibilities:

Risk Management:

  • Develop, implement, and maintain enterprise risk management (ERM) policies and procedures.

  • Identify, assess, monitor, and report on key business risks (information, strategic, operational, financial, reputational, etc.).

  • Lead risk assessments across verticals/departments.

  • Work with business units to embed risk awareness and mitigation strategies.

  • Maintain risk registers and security metrics dashboards to track and report on security posture.

Compliance Management:

  • Ensure the organization complies with all relevant laws, regulations, and internal policies.

  • Monitor regulatory developments and implement necessary changes.

  • Design and implement a compliance monitoring plan.

Policy and Governance:

  • Review and enhance internal control frameworks and governance structures.

  • Develop and update compliance and risk-related policies and procedures.

  • Ensure consistent enforcement of policies and compliance standards.

Training & Awareness:

  • Deliver training programs to promote risk and compliance awareness across the organization.

  • Support a culture of integrity, transparency, and accountability.

Reporting & Analysis:

  • Provide regular reports and dashboards to the Board, Risk Committee, and Executive Leadership.

  • Prepare incident reports, risk mitigation plans, and compliance updates.

Key Skills & Competencies:

  • Deep knowledge of security architecture and risk management

  • Strong leadership and project management skills.

  • Familiarity with security tools such as SIEM, EDR, DLP, and IAM

  • Understanding of and experience in change management, exception management, internal audits, client audits, etc.

  • Excellent communication and stakeholder engagement skills.

  • High ethical standards and integrity

Qualifications and Experience:

  • Bachelor’s degree in computer science, Information Security, or related field.

  • 10+ years of experience in Risk Management and Cybersecurity

  • Industry certifications such as CISSP, CISM, CISA, CRISC, CEH, or ISO27001 LA would be an advantage

  • Experience in ISO 27001 compliance and audits

  • Exposure to PCI DSS compliance
