General Objective of the Job
The Information Security Compliance Analyst will support the oversight of information security and IT risk management programs based on industry-accepted information security and risk management frameworks, and ensure D&L’s compliance with relevant government and industry legislation and regulations. The role will also collaborate with different business units and control owners to ensure that controls are correctly designed, periodic tests are performed, and evidence is gathered.
Duties and Responsibilities
- Assist in the development and implementation of information security policies, standards, guidelines and procedures
- Conduct periodic evaluations of internal control systems, document the results, make recommendations to remediate the identified risks, and monitor strategies to remedy information security control deficiencies
- Conduct information security education, training and awareness activities for general users, such as new hire orientation, annual training, and creation of security reminders/advisories.
- Initiate changes in policies and procedures due to new or revised regulations
- Maintain regulatory evidence including policies, standard training, and compliance monitoring
- Apply defense-in-depth methodology when assessing the effectiveness of controls, including deployment of compensating controls
- Manage information asset inventories
- Facilitate control testing in the form of vulnerability assessments, risk assessments, penetration testing, and social engineering testing.
- Develop key performance metrics to track and ensure compliance with established policies and standards.
- Stay current with the latest cyber security threat landscape and notify IT teams of applicability to the Company’s systems
- Other duties and responsibilities that may be assigned.
Qualifications
- Bachelor’s Degree in IT, Management Information Systems, or related field is preferred
- Minimum of 4 years' experience in an IT audit / risk management / compliance role / information security policy authoring process
- Knowledgeable in various compliance frameworks and regulations (DPA, GDPR, PCI, NIST, ISO 27001, SOC 1/2, as well as audit management)
- Highly self-motivated and directed professional with keen attention to detail
- A high degree of organizational, analytical and critical-thinking skills
- Ability to influence across all levels of the organization
- Penetration testing and vulnerability scan analysis and remediation experience
- Excellent interpersonal communication & presentation skills.
- Must have the ability to work as a team member and independently.
- Strong project management skills
- Amenable to working in Calle Industria, Bagumbayan, Quezon City