IT SECURITY AND COMPLIANCE MANAGER
SpinifexIT is looking for an IT Security and Compliance Manager to join their growing team in BGC, Taguig City.
SpinifexIT is an SAP Certified Partner specializing in solutions that augment SAP HCM technologies and the ERP system and make them faster, better and easier to use.
Our market-proven solutions for SAP HCM and Payroll improve processes by filling functional gaps in the SAP ECC 6 ERP and SAP SuccessFactors systems.
SpinifexIT solutions especially help end-users to further leverage their SAP and SAP SuccessFactors system investments for the direct benefit of the organization, key HCM stakeholders, and staff.
The IT Security and Compliance Manager will provide leadership and direction in the day-to-day management and execution of all Governance, Risk and Compliance activities, which include providing risk oversight, managing the company's compliance programs and overseeing the ongoing execution of risk assessments and testing of key controls.
This position will develop and maintain a strategy for managing security-related audits, compliance checks and external assessments related to software and other applicable industry standards.
The position will also manage the company's third-party management program, performing relevant due diligence and annual vendor recertification. Additional responsibilities include the design, implementation and facilitation of risk metrics and maturing the company security awareness program. Lastly, the IT Security and Compliance Manager will be responsible for the management of our internal IT team.
Key areas of specific responsibilities include:
- ISO certification and SOC compliance
- Enterprise-Wide Security Strategy and Maturity development
- Corporate Compliance and Risk Management
- Third Party / Cloud Security Assessments
- Application Compliance Assessments
- Develop a Security Awareness Program
- Drive the Company towards the ISO certification and prepare the path for future Compliance requirements
- Build the necessary internal communication, provide and spread global awareness, and deliver corporate training to the entire company, including top management, on all IT and security compliance-related policies, processes and procedures.
- Manage the compliance program end to end by ensuring all assessments are in place and duly documented within the agreed timeline
- Manage the third-party providers engaged for planned security audits and penetration tests
- Contributes to team, department and/or business results by performing more complex quantitative and qualitative analysis for business processes and/or projects. This can include leading, managing and executing small projects, business processes, or parts of larger ones.
- Responds to, solves and makes decisions on more complex/non-routine business requests with limited to moderate risk.
- Assists more senior associates in achieving business results by:
  - identifying opportunities to enhance the effectiveness of business processes
  - providing training and technical guidance to less senior staff, where appropriate, and serving as point of contact for problem resolution, including the Incident Management process
  - participating in setting department operating plans
  - achieving results against budget within the scope of responsibility
- Demonstrates an awareness of personal strengths and areas for improvement and acts independently to improve and increase skills and knowledge based on market intelligence
- Performs other duties as appropriate.
As Security and Compliance Manager, you are expected to do the following tasks:
- Responsible for the effective implementation of the Information Security policies, program and mandate to ensure the confidentiality, integrity and availability of SpinifexIT Philippines information assets.
- Participate in developing and maintaining the overall Governance Risk and Compliance management process and strategy.
- Manage the SpinifexIT vendor compliance certification program to assess new and existing vendors through initial contracting, performance of security due diligence and ongoing recertification efforts.
- Lead the company risk review policy exception program. Manage the program, document meeting minutes, identify risks, assign risk ratings and execute the program in accordance with the defined procedure.
- Support infrastructure-related security topics and ensure the reliability of local entities' feedback by performing security assurance testing.
- Plan and execute Information Security risk assessments across the enterprise in accordance with industry standards.
- Apply qualitative and quantitative measures to calculate and support risk ratings.
- Collaborate with executive management and department leaders to assess risk posture and concerns.
- Serve as subject matter expert to internal business and technology teams on range of risk management activities and industry best practices.
- Define and measure risk metrics to demonstrate IT risk management activities, including monthly dashboards, metrics, and reporting.
- Participate in key initiatives as the subject matter expert to ensure alignment with IT and Information Security programs and initiatives.
- Partner with Security Awareness teams to proactively promote enhanced security controls and training across IT and business units.
- Maintain knowledge of external security standards and ensure that the SpinifexIT environment retains compliance with up-to-date security standards and principles
- Interface with Internal Controls, Internal Audit, and External Auditors as required to satisfy any audit-related policy and compliance deliverables or work items.
- Monitor and validate progress on the remediation implemented to address outstanding issues/vulnerabilities
- Take the corrective action needed to meet the standards required by the security policy, procedures, network architectures, and software design
- Oversee certification and ensure that it is always up to date (ISO 27001, audit, compliance, etc.)
- Ensure a seamless response to the needs of business units, IT staff, and local managers
- Promote security awareness program on secure coding and systems development life cycle
- Other tasks or duties that may be assigned in line with the Information Security Program
- Work with business partners and assist them in the interpretation of security policies, standards, and associated guidelines
- Work cross-functionally with infrastructure teams to identify and assess technical risk and associated remediation requirements
Qualifications and experience:
- BA/BS in business or computer science, or appropriate work experience, is required.
- A Master's degree in Information Security or a similar IT-related specialization is also highly desired for this position.
- 7+ years' work experience in IT, IT Security, Audit and/or IT Governance
- 7+ years' work experience of cloud security principles
- Experience in IT Security Technologies
- Knowledge of regulatory requirements and industry standards (ISO 27001) is a must
- Understanding of Security Access Controls
- 5+ year experience in a management role or a similar position or having equivalent skills and experience is highly desired
- Any related IT and compliance certifications will be a plus
- Knowledge of regulatory compliance, standards, and frameworks such as ISO.
- Proven understanding of information security risk assessment and risk management procedures and methodologies.
- Ability to correlate enterprise risk with appropriate administrative, physical and technical security controls.
- Knowledge and experience with diverse architectures, large-scale transaction processing environments, external hosted services, and cloud computing environments.
- Functional understanding and knowledge of security principles, standards, and processes, such as authentication and access control, infrastructure hardening, network traffic analysis, endpoint security, platform architecture, application security, encryption and key management, cloud security, etc.
- Working knowledge of UNIX and Windows operating systems.
- Excellent verbal and written communication skills [English]
- Experience leading the work of others.
- Strong organizational skills with attention to detail.
- Ability to react to high-pressure dynamic changing environments.
- Ability to multi-task, problem solve and meet deadlines.
- Ability to develop effective cross-functional relationships
- Ability to work in a fast-paced, matrix environment
- Ability to communicate effectively with all levels of management
- Ability to translate security risks into business terms
- Results oriented and operations focused