Job Description
Job Title Information Security Lead
Job Level
Senior Manager / AVP Reports to Technology Operations Head
Division One Operations Supervises Yes
Department Information Technology
Section (if applicable) Technology Operations
Location Philippines Date of Last Revision 10 October 2024
Job Summary
BISO is a senior cybersecurity leadership position intended to bridge the gap between security and business interests. BISO is responsible for developing and maintaining the organization’s security posture, managing risk, ensuring compliance, overseeing security training, cybersecurity, and investigating security incidents.
Job Accountabilities
1. Technical Guidance
a. Manage and Ensure compliance with local technology related regulatory requirements and GGM policies
b. Performs self-assessments and provide attestation of compliance to technology related GGM policies
c. Manage technology and cybersecurity incidents
d. Manage technology and cybersecurity RCSA for and scenario analysis as first line owner
e. Prepare and submit technology and security update for management reporting
f. Review BISG metrics and address any control gap identified
g. Facilitate GISP solution implementation within LBU
h. Facilitate technology and security related audit
i. Oversee IT & security budget spending
j. Conduct technology and cyber security training to relevant stakeholders
k. Reviews and approves enhances access (e.g., Cloud Storage, SFTP, RMD, etc.)
l. Review TISQ in Coupa as part of vendor onboarding or renewal process
m. Prepares and completes regulatory required documentations - e.g., Risk and Materiality
Assessment, Critical System Assessment, Cloud Risk Assessment, Cloud Consultation Presentation, Internet Insurance Attestation, etc.
n. Manage the remediation of security-related issues raised by GISP teams.
o. Perform analysis and necessary coordination with relevant teams on the timely remediation of security related KRIs that falls below acceptable threshold.
p. Review and approve requests related to Email and Website access whitelisting.
q. Attend the Weekly BISO Roundtable, Monthly Assurance Taskforce, and Quarterly Business Review meeting facilitated by GISP.
r. Review, approve and release valid quarantined emails.
s. Review and approve security-related dispensations.
t. Review and approve Security Design Checkpoint (SDC) related requests
u. Manages and Conduct Third Party Security Assessment
v. Manages day-to-day activities in managing Technology risk.
w. Manages and ensures compliance with Privacy laws. Performs day-to-day activities in managing
Privacy risk (technology and non-technology related).
2. Architectural Leadership
Collaborate with other IT / Business Functions in managing technology and security incidents
3. People Leadership
Responsible for learning and development, coaching and mentoring, and performance management of his/her team.
4. PRUAgilist Champion
Job Competencies (samples below)
Competency Proficiency Level
(refer to table below)
Description
Product, Project and Portfolio Management 4 Knowledge on technology & security
Leadership 4 Can manage a team and a team player
Vendor Management 4 Vendor management capability
Interpersonal Skills and Communications 4 Good communicator
Business Fundamentals 3 Knowledge in Insurance business
Enterprise Risk Management 4
Agile Ways of Working 4
Human Capital Management 4
Business Development 4
Application Lifecycle 4
Architecture 3
Data and Analytics 3
Development and Coding 1 Nice to have but not necessary
Infrastructure 3 Understand servers, databases,
networks, clouds, etc
New Technologies 3
Dev Sec Ops 3
Competency Proficiency Level
(refer to table below)
Description
Enterprise Solutions 3
UI/UX/CX/Design/Ergonomics 3
System Integration and Interface Management 3
Tech Strategy and Service Delivery 4
Security and Cyber Security 4 Main role
Proficiency Level Definition
1 – Basic I have heard about it, but I have never learned the theory in details
2 – Intermediate I have learned the theory and can use what I know to practice under supervision or to work with experienced peers
3 – Advanced I have demonstrated that I can deliver/operate on the job, with little to no support
4 – Expert I can perform on any project, I can tackle complex issues on the topic, I can teach
others and I can write articles
Job Specification
Education
Professional Qualifications/Licenses
Bachelor’s degree in information technology, Computer Science or other related courses with 10 years minimum work experienced as Business
Information Security Officer. Insurance background is added advantage
Knowledge (Certification - Technical, Product, Industry, etc.)
Agile Methodology
End-to-end Software Development Lifecycle experience
Certifications (CISSP, CCSP, Project Management, CRISC, CISM, Security+)
Skills critical to job success
Experience in one or more of the following:
Agile Strategy / Agile Transformation / Agile Operating Model
Lean Software Development Lifecycle
Fosters agile mindsets and behaviors, championing and influencing a culture of growth, self-leadership, and development.
5. Problem Solving and Decision Making
Leads solving complex problems and challenges that require the highest competency level as an expert in collaboration with key business stakeholders, tribes, and squads within the organization.
6. Perform other functions as may be assigned.
Problem Solving and Decision Making
Scrum Master / PMP Certification is an advantage but not required.
ITIL v3/4 Certification is an advantage but not required.
Years of Relevant Work Experience
(State if management experience is required)
At least 10 years minimum overall related experience to IT Security, Cybersecurity, Operations Risks Management. Manages his/her own team of IT security practitioners.
Job Types: Full-time, Permanent
Schedule:

• 8 hour shift
• Day shift

Experience:

• IT Security, Cybersecurity, Operations Risks Management: 10 years (Required)
• Business Information Security Officer: 10 years (Required)