Information Security Specialist


Full Time
Shopee

Posted 3 days ago

Job Description:

  • Evaluate process information security risks and data privacy breaches to assess effectiveness of existing internal controls
  • Develop and maintain an effective information security, data privacy incident and breach management program that meets legal requirements and addresses operational risk
  • Develop and monitor organization practices to identify new processes or material changes to existing processes and ensure implementation of Privacy by design principles
  • Verify operational practices comply with the Information Security Management System (ISO 27001, ISMS), Data Privacy Act of 2012 (RA 10173) and Quality Management (ISO 9001)
  • Provide training and awareness to promote compliance with the Information Security, Data Privacy policy and to mitigate operational risks
  • Proactively manage IT and Cyber Security risks to ensure that IT remains aligned with business strategy, objectives and needs
  • Work closely with stakeholders to conduct IT Risk Assessments on new and existing processes, products and services prior to launch and assure that material risks are appropriately identified and mitigated
  • Ensure that action plans directed at the root cause of the identified risk/loss/exception on IT Risk Assessments are appropriate, prioritized and sustainable to mitigate residual risks
  • Act as a second line of defense to proactively manage the risk and loss related to information & cyber security risk
  • Perform other similar and related duties as required or directed


  • Bachelor’s degree graduate of any Engineering course, Computer Science, or any IT related course.
  • Must have experience in assessing and documenting control environments showing key processes, systems and key controls
  • Knowledgeable in IT Risk Assessment and FMEA to review risk and establish controls.
  • Knowledgeable in the Implementing Rules and Regulations of the Data Privacy Act of 2012 as given by the National Privacy Commission
  • Must have 2-3 years of experience in assessing Information Security Risk and Privacy Risks anchored on the ISMS Framework (ISO 27001) and Quality Management System (ISO 9001)
  • Minimum 2-3 years of experience in IT Risk Management from a banking or financial technology business
  • Professional certifications (CRISC, etc.) would be a plus
  • Minimum 1 – 3 years of experience in Internal and External Audit
  • Must have an understanding of Continuous Improvement principles and 5S Methodologies
  • Excellent communication and presentation skills (speaking, reading, & writing)
  • Must be keen on details, proficient in MS Office Applications
  • Able to work with a team and individually
  • Can work within set timelines
  • Amenable to work in BGC
Job tags: Banking ISO 27001 Risk assessment Strategy
Job region(s): Asia/Pacific