IT Risk and Security Officer



The first stand-alone global technology fund in the Philippines.


• Designs the information security and privacy requirements of ATRAM, in line with the Data Privacy Act, e-Commerce Law, Anti-Money Laundering Act, and other applicable regulations of various regulatory bodies such as the BSP, SEC and AMLC.
• Researches and recommends security measures to be included in the installation of packages or new application programs.
• Develops and implements an active risk assessment program focused on information security and privacy matters.
• Recommends methods for vulnerability detection and supervises vulnerability testing.
• Plans and schedules activities and/or tasks pertaining and/or relating to information security and privacy compliance and regularly reports results to the Head of RMC.
• Routinely administers and monitors measures to ensure that ATRAM’s information facility, both physical and logical, is protected from potential breaches, threats and/or hacks emanating from either within or outside the enterprise.
• Coordinates the development and delivery of educational and training programs on information security and privacy matters for employees, authorized users and other stakeholders.
• Reports incidents, identifies recurring problems and initiates change requests meant to prevent the recurrence of breaches against information security and privacy.
• Takes part in all Recovery exercises such as, but not limited to, Business Continuity Planning, Disaster Recovery, Emergency Responsiveness, etc.
• Ensures that all reported and/or recorded deviations against approved security and privacy policies and procedures go through Root Cause Analysis (RCA). Ensures that the RCA is a standard attachment to all reports concerning deviations.
• Coordinates the development of ATRAM information security and privacy policies, standards and procedures (or SOP – standard operating procedures).
• Works with various business units in the development of policies or SOPs, as well as on compliance issues involving breaches against record access and data privacy.
• Ensures that ATRAM policies are compliant with regulatory requirements and best practices.
• Oversees the enterprise-wide dissemination of information security policies, standards and procedures including to officially covered entities such as partners, franchises and affiliates.
• Develops and implements an Incident Reporting and Response System to address ATRAM information security breaches, response to alleged policy violations and/or complaints from external parties.
• Serves as the official ATRAM contact point for information security, privacy and copyright infringement incidents, including liaising with law enforcement authorities.
• Keeps abreast of the latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities that may pertain to and/or affect ATRAM and its business interests.
• Institutes internal safeguards on funds, assets and company properties, and recommends improvements to maximize efficiency of office facilities and equipment.
• Maintains an organized filing system.
• Recommends new and enhanced work processes in close coordination with various business unit heads to provide corrective actions to recurring problems including complaints, as well as preventive actions to avoid potential problems from occurring.
• Performs tasks that may be assigned either individually or as a part of a committee.
• Acts as active back-up in the performance of all other functions performed in the Risk Management and Compliance Unit, and all other tasks that may be assigned by the Head of RMC from time to time.


• Must have at least five (5) years' experience in Information Security, Information Technology or another related field.
• Must hold a Bachelor’s degree in Computer Science, Mathematics, Engineering or Statistics.
• A license and/or certification (e.g., CISSP) is ideal but not required.
• Preferably knowledgeable about or familiar with preparing training instruments (Lesson Plan, Course Outline, Training Manuals or Manuscripts).
• Familiar with Cyber Forensics
• Experience in developing and administering an information security program is desirable.
• Working knowledge of and experience in the policy and regulatory environment of information security
• Excellent project management, written and oral communications skills desired.
• Ability to work collaboratively with a broad range of constituencies is essential. A demonstrated ability to work with diverse groups of people is required.
• A self-starter; able to work independently with little supervision


Until August 2019!

