Share this Job

IT Security Manager

Aboitiz Equity Ventures, Inc.

Taguig, Metro Manila, PH, 1634

Posted:  Oct 25, 2021

Here at Aboitiz, success means winning together to shape a better future for people, planet, and profit. As we embrace innovation, we grow diverse industries and shape the country’s future. We create careers without boundaries for those who inspire their teams to rise with them. When you work at Aboitiz, you are part of a family committed to advancing business and communities.

Lead and manage the execution of the cyber security strategy and programs ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected through the Cyber Security Operations Center.


Lead and manage the delivery of IT security services to support the Aboitiz corporate information security strategy and programs to support and advance business objectives.


Key Responsibilities Include:


Cost Management

  • Manage the IT security budget, optimize resources to provide more value and communicate this with the appropriate parties
  • Stakeholder Engagement: 
  • Supervise, manage and lead the delivery of reliable IT Security services that are centrally managed, aligned and compliant with the Aboitiz Group IT Management and Information Security Policies and IT Security Minimum Standards.
  • Facilitate process improvements and solutions to optimize the quality of IT security controls and/or services.


Execution Excellence - Governance

  • Oversee the implementation of cybersecurity strategy and programs (include strategic, personnel, infrastructure, requirements, policy enforcement, emergency planning, security awareness, and other resources) for the protection of all information assets and measure the effectiveness and efficiency against the desired level of maturity.
  • Ensure implementation of strategic, comprehensive IT security programs to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled or/and processed by the organization.
  • Monitor activities and ensure that updates are provided for the regular reporting on the current status of the IT security program to stakeholders.
  • Support and ensure that all information owned, collected or controlled by or on behalf of the company implemented with minimum security controls in accordance with applicable laws and other global regulatory requirements, such as data privacy.
  • Participate in committees and cross functional teams in related disciplines to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management.
  • Liaise with external agencies and special interest groups, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies.


Execution Excellence - Risk Management

  • Ensure implementation of a risk-based process for the assessment and mitigation of IT security risk and compliance in the ecosystem consisting of supply chain partners, vendors, consumers and any other third parties.
  • Facilitate the conduct of cybersecurity risk assessment and risk management process (due diligence, documentation, validation, and assessment and authorization) to assure that existing and new IT systems meet the organization's cybersecurity and risk requirements and meet the risk level acceptable to the Management or Business Units’ risk appetite.
  • Facilitate technology research to evaluate potential vulnerabilities in cyberspace systems and ensure effective design and implementation of management approved security controls to address and/or manage security risks and threats.

Execution Excellence - Cyber Security Operations

  • Manage, establish capability to detect vulnerabilities and monitor collection of information and intelligence from a variety of sources and cyber defense tools to identify, analyze and report vulnerabilities potential for exploitation and mitigate events and possible or real-time threats that occur or might occur within the network to protect information, information systems, and networks from threats.
  • Manage and lead the preparation and development of incident response plans and procedures (playbooks) to  increase in the organization's readiness state, to mitigate immediate and potential threats, and to respond to crises or urgent situations.
  • Manage and lead the investigation, analysis, response and recovery to cyber security incidents and events to ensure that business-critical services are recovered in the event of a security event and to protect corporate assets, intellectual property, regulated data and the company's reputation.
  • Manage and lead the conduct of threats and vulnerability assessments to determine deviations from the minimum standard and acceptable configurations, and assess the level of risk to develop and/or recommend appropriate mitigating control to protect all information assets.


Build Human Capital

  • Manage cybersecurity awareness advisories, trainings and initiatives to increase employee engagement/participation and awareness level
  • Develop and conduct or facilitate cybersecurity training and awareness initiatives for the different information security-related duties and responsibilities for all employees, contractors and approved system users.
  • Manage and track the team's individual development plan, activities, and training to improve capability and achieve the desired competencies.


Minimum Qualifications:


  • Bachelor's Degree in Information Systems, Engineering (Computer/Telecommunications), Computer Science/Information System/Information & Communication Technology, or equivalent
  • Minimum of 7 years working experience in IT Security (may include working experience as Systems and Network Administration), at least 3 years of management/supervisory experience
  • Proven track record and experience in developing IT security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment
  • Minimum of 3 years of experience in the Installation, Operation and Management of a Cyber Security Operations Center (CSOC).
  • Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
  • Knowledge of common IT security management & IT frameworks, such as ISO/IEC 27001, ITIL, COBIT or those from NIST, including 800-53 and the Cybersecurity Framework

We urge everyone to be vigilant against scams that involve fraudulent offers of employment with Aboitiz Equity Ventures. Scammers are falsely claiming to be representatives of Aboitiz, offering jobs in exchange for recruitment fees. Aboitiz does not ask for money from our applicants at any point of the job application process.