SECURITY OPERATIONS MANAGER | IT | SB FINANCE | MAKATI

About Security Bank

We are the Philippines’ largest independent bank, having won countless awards over the years including the most prestigious industry award in both 2015 and 2016—the Bank of the Year – Philippines by The Banker.

We’re changing how people bank. From the moment customers enter our branches to their experience online, we make them feel valued and empowered.

Now, with more than 300 branches spanning the country, BetterBanking has become the gold standard in improving the banking lives of millions of Filipinos. But we’re far from done.

In our constant pursuit of excellence and improvement, we create teams that support our business and each other.

The Role

As Security Operations Manager, you will be responsible for the development and implementation of strategies to help protect the assets of the company by driving the information security and cybersecurity strategy of an organization, inspecting the facility's condition, the performance and optimization of operational tools and equipment, and the compliance of workstream processes to the safety regulations and protocols of the company

How you'll contribute

• Design and implement security objectives aligned with the business objectives of the organization and implement the information security cybersecurity framework of the SBF relevant to the function of the Technology department
• Oversee the execution of periodic vulnerability assessment and penetration testing activity, both internal and in coordination with the third party
• Oversee the assessment of the applicability of information security threat advisories coming from legitimate sources and determine existing mitigating controls and suggest action plans, as needed. (e.g., BAPCID, Security Operations Center, Threat Intelligence organizations
• Collaborate with other Technology Department ensuring that industry-accepted security practices are implemented. (e.g., IT Operations, IT Service Delivery)
• Oversee delivery of contracted services and ensures services are delivered within the agreed service level for Security Operations Management tools such as but not limited to 1. Security Information and Event Management 2. Incident response 3. Threat Hunting 4. Vulnerability Management 5. Cyber Forensics 6. Operation Technology Security 
• Oversee delivery of contracted services and ensures services are delivered within the agreed service level for Infrastructure Management and Operations tools such as but not limited to  1. On-Premises and Cloud next-generation firewall 2. Intrusion Prevention Systems 3. Cloud Proxy 4. Advanced Threat Protection 5. Encryption software 6. Privileged Access Manager 6. Endpoint Security 7. Identity and Access Management 7. Network and Endpoint Detection and Response 8. Cyber Asset Attack Surface Management 9. Static application security testing (SAST) and Dynamic Application Security Testing (DAST) 10. Runtime Application Self-Protection (RASP)
• Ensure incident identification, assessment, quantification, reporting, communication, mitigation, and monitoring of information security and cybersecurity incidents
• Ensure that the system requirements of the various business applications are provided for, innovations and new technologies are tested and implemented
• Ensure all SBF-owned IT assets of the focus areas are integrated with the company’s cybersecurity control and vulnerability management system enrolled in Fixed Asset Registry
• Ensure mobile security operations management, enforce secure authentication, reduce the attack surface, lock down devices, control OS updates, manage app permissions, apply data loss prevention policies, provide conditional access to business data, and achieve regularity compliance

What we’re looking for

• Graduate of Bachelor's BSIT, Computer Science or related field or equivalent work experience with at least 5 yrs relevant experience
• Security leadership, with experience building long-term career development plans for team members at all levels
• Proficient in Security Device Management, Threat Management, Incident Management, and Response
• Familiarity with OWASP Top 10 Web Application Security Risks, Mobile Risks, Best Practice, and Mitigating Controls
• Experience in designing, implementing, and measuring relevant security and technology management critical success factors, key performance indicators, and metrics
• In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management, miter att&ck framework, and cyber kill chain
• Knowledge of various operating system flavors including but not limited to Windows, Linux, Mac
• Knowledge of applications, databases, mobiles, and middlewares to address security threats against the same
• Proficient in preparation of reports, presentations, dashboards, logs, and documentation
• Excellent leadership and communication skills Able to translate complex technical risk incidents into an easy-to-understand risk scenario
• Ability to handle high-pressure situations with key stakeholders

#LI-ST1

#LI-Hybrid