285 Cism jobs in the Philippines

The Information Security Manager evaluates technology environments through control testing, compliance assessments, identifies key gaps and recommends actions for remediation. Partners with other teams for cybersecurity controls assessment and tests effectiveness of cybersecurity controls ensuring that systems and processes meet industry standards and regulatory requirements.

Position Responsibilities:

• Plans, conducts and manages cybersecurity and technology controls testing, compliance assessments including IT systems and processes for design and operating effectiveness.
• Develops and maintains test procedures and plans for IT Security Controls, ensuring alignment with key objectives, industry standards and regulatory requirements.
• Evaluates the organization's compliance with preferred cybersecurity frameworks.
• Performs control testing, security assessments, and risk analysis on systems, applications, and network infrastructure to identify potential weaknesses and security gaps.
• Analyzes test results, identifies security control deficiencies, and recommends solutions to resolve identified issues.
• Partners with operations and IT teams to ensure that all IT security controls are adequately tested and implemented.
• Tracks security issues/risks, prepares comprehensive reports outlining findings, recommendations and actionable insights to senior management and stakeholders.
• Collaborates with cross-functional teams including IT, legal, compliance and liaises with law enforcement and other external entities to address findings and implement corrective action.
• Develops innovative approaches and solutions, including use of data analytics, Agile methodology, and automation to improve overall effectiveness and value of the controls testing team.
• Ensures compliance with applicable security policies and standards.
• Stays updated on latest cybersecurity threats, vulnerabilities, and testing techniques, contributing to the enhancement of cybersecurity practices within the organization.
• Provides professional advice – takes a lead role of process or program execution.
• Is accountable for own work and contributes to setting standards through expertise in own job discipline that impact others' deliverables.
• Work is guided by cascaded policies or business plans.
• May lead medium to large size projects or work streams with moderate resource requirements, risk and/or complexity with multiple teams representing different interests.

Required Qualifications:

• Knowledge of IT security controls and technologies, IT systems and networks, security testing, security policies, standards, and regulations
• Experience performing compliance and control testing assessments
• Knowledge of frameworks such as NIST CSF, ISO 27001 and CIS Top 20 Controls
• Proficiency in understanding operating systems (Windows, Linux, Unix), network protocols, and cybersecurity frameworks
• Understanding of cloud computing security principles and leading practices
• Understanding of legal and regulatory requirements related to cybersecurity, privacy, and data protection laws relevant to the organization
• Knowledge of data privacy laws, data security issues, encryption techniques, data classification, and data loss prevention mechanism

Skills:

• Cybersecurity
• Security Compliance
• IT Controls
• IT Audit
• IT Regulatory Compliance
• Risk Assessment
• Control Testing

When you join our team:

• We'll empower you to learn and grow the career you want.
• We'll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
• As part of our global team, we'll support you in shaping the future you want to see.

• Lead the design, implementation, operation and maintenance of the Information Security Management System based on standards, including certification when required
• Maintain information security standards and procedures in compliance with risks assessments and current business requirements.
• Act as an internal consulting resource on information security issues.
• Facilitate the information security risk assessments
• Review compliance with the information security policy and associated procedures on ongoing basis via monitoring tools and report from annual security audit to the CIO and other stakeholders
• Coordinate and be active in information security efforts within and across various business units, and cooperate with the IT, HR, legal, financial, and executive offices
• Provide periodic reporting on information security issues to CIO and management and to the information security Steering Committee
• Coordinate security orientation and security awareness programs
• Cooperation with third parties providing outsourced IT security services, e.g. e-mail anti-virus and anti-spam, firewalls, intrusion detection/prevention system, etc.
• Co-ordinate responses to Information security events
• Ensuring adequate security for existing and new information systems
• Maintain awareness of changes in the industry and propose recommendations to improve the organization's computer systems
• Facilitates the configuration of network intrusion detection and prevention sensors and other information security monitoring infrastructure.
• Collects, assesses, and reports upon relevant threat intelligence / actionable security information and appropriately modifies tactical operations
• Performs analysis and response to Tier I & II security relevant alerts and events
• Assesses network traffic patterns and session data for indicators of malicious activity with assistance
• Plays a strong supporting role in prompt and effective response to information security incidents
• Performs operational assessment, prioritization, and remediation of enterprise vulnerabilities and exposures
• Supports of forensic investigations and penetration testing activity
• Assists with executing remediation plans for any gaps reported in audits or recommended process improvements that effect core information security services
• Orchestrates network security efforts between operations and application support groups while working with both full time and contractor/consultant resources
• Perform other duties as assigned

People and Development

• Demonstrates and reinforces the leadership behaviours and basic people skills minimum necessary to gain commitment form subordinates.
• Manages, motivates, and evaluates the IT assigned team, including recruiting, retaining, developing and coaching.
• Communicates and implements corporate policies and procedures.
• Interest and willingness to mentor junior team members

Qualifications:

• Bachelor's Degree in Computer Engineering, Bachelor's degree in MIS / Business / IT or a similar subject with strong exposure to information technology.

• At least five 5 years of related experience or in a similar capacity

• Related Certification is a plus

• Knowledge of ISMS and IT Security processes
• Experience in working in a multinational company
• Ability to identify the work required and organize, facilitate and / or perform the work with only minimal guidance from IT leadership management.
• Excellent communication skills
• Excellent analytical skills
• Amenable to work in Head Office (Albay, Bicol)

The Information Security Manager is responsible for safeguarding the organization's information assets by implementing, managing, and overseeing the company's security policies, protocols, and procedures. This role involves identifying and mitigating security risks, ensuring compliance with industry standards, and leading efforts to protect sensitive data across all digital platforms.

1. Assess risk and ensure security systems and operations comply with organizational and regulatory requirements
2. Lead the development and execution of security strategies and policies
3. Responsible for day to day execution of security policies and procedures. Using monitoring tools to identify threats and incidents
4. Analyze, design, manage and deliver the services required to minimize the negative impact of security incidents and restoring normal service operation as quickly as possible

Roles and Responsibilities

• Advise appropriate senior leadership on risk levels and changes affecting the organization's cybersecurity posture.
• Work with the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risks.
• Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies.
• Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization's mission and goals.
• Continuously validate the organization against policies, guidelines, procedures, regulations, laws to ensure compliance.
• Interpret patterns of noncompliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program.
• Identify alternative information security strategies to address organizational security objective.
• Ensure that cybersecurity requirements are integrated into the continuity planning for systems and/or organization(s).
• Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations.
• Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment.
• Participate in the development or modification of the computer environment cybersecurity program plans and requirements.
• Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
• Recognize a possible security violation and take appropriate action to report the incident, as required.
• Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered.
• Collect and maintain data needed to meet system cybersecurity reporting.
• Identify information technology (IT) security program implications of new technologies or technology upgrades.
• Identify security requirements specific to an information technology (IT) system in all phases of the system life cycle.
• Lead information security risk assessment during the Security Assessment and Authorization process.
• Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed.
• Provide system-related input on cybersecurity requirements to be included in statements of work and other appropriate procurement documents.
• Promote awareness of security issues among management and ensure sound security principles are reflected in the organization's vision and goals.
• Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders.
• Oversee the information security training and awareness program.
• Manage the monitoring of information security data sources to maintain organizational situational awareness.
• Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
• Track audit findings and recommendations to ensure that appropriate mitigation actions are taken.

Core Competencies:

• Business Continuity
• Computer Network Defense
• Database Administration
• Encryption
• Enterprise Architecture
• Information Systems/Network Security
• Network Management
• Operating Systems
• Policy Management
• Risk Management
• Technology Awareness
• Threat Analysis
• Vulnerabilities Assessment

Additional Knowledge Areas:

• ISO 27000 – NIST – CIS – Data Privacy

Qualifications:

• Bachelor's degree in Information Security, Computer Science, or related field.
• Proven experience (5+ years) in information security management, IT risk management, or similar roles.
• Strong understanding of current IT threats, security protocols, and industry best practices.
• Professional certifications such as CISSP, CISM, or equivalent is an advantage.
• Excellent leadership, communication, and project management skills.

About DAVI

Data Analytics Ventures Inc. (DAVI) is the Gokongwei Group's loyalty and data analytics company, specializing in deep-dive data analysis to enhance business processes and customer experiences. Leveraging rich data, DAVI helps businesses understand brand and category performance, identify growth opportunities, and optimize decisions. With a team of industry leaders and innovators, DAVI fosters a culture of excellence, continuous learning, and mentorship, empowering employees to shape their careers and contribute to the rapidly evolving data industry.

About the Role

As
Security Engineer Manager – Safe Browsing
, you'll lead a team of technical analysts and specialists focused on detecting and preventing web-based threats at scale. This role combines hands-on technical leadership with people management, process optimization, and collaboration across international security teams.

Location:
Manila

Setup:
Hybrid (3 days onsite, 2 days WFH)

Schedule:
Night shift, follows US time

Start Date:
November 10, 2025

Headcount:
2–3 openings

Key Responsibilities

• Lead and mentor a team of tech analysts and specialists handling threat analysis and enforcement.
• Oversee workflow management, SLAs, and risk escalation.
• Conduct technical audits and review code changes made by L3/L4 engineers.
• Develop data analyses to identify harmful entities, phishing, malware, and system vulnerabilities.
• Collaborate with cross-functional security, data, and product teams globally.
• Continuously identify and drive process improvements.

Must-Have Qualifications

• Bachelor's degree in
  Computer Science, Engineering, Mathematics, or Statistics
  (or equivalent experience).
• 8+ years
  of experience in
  security operations, web security analysis, or related analytical roles.
• Hands-on experience with
  SQL
  and
  Python
  for large dataset analysis.
• Deep understanding of the
  phishing, malware, and web threat landscape.
• 2+ years
  of experience managing and developing technical teams.
• Strong analytical and problem-solving mindset with close attention to detail.

Good-to-Have

• Familiarity with
  OWASP vulnerabilities
  and
  Exploit Kits.
• Experience with
  Linux OS
  ,
  shell scripting
  , or
  statistical tools (R, Stata, SAS).
• Excellent communication skills to explain complex concepts simply.
• Comfortable managing multiple priorities in a fast-paced setup.

Why Join Us

• Be part of a
  global security mission
  protecting millions of users every day.
• Work in a
  hybrid setup
  with flexible collaboration and modern tools.
• Build your expertise across
  cutting-edge security technologies
  .
• Lead a
  high-impact team
  with autonomy, ownership, and visibility.

The Information Security Manager will help develop and implement the organization's cybersecurity strategy and manage a team of Information Security personnel in securing Metro Pacific Tollway Corporation's information systems, infrastructure and data against internal and external threats.

Roles and Responsibilities

• Design, develop, and implement the organization's overall cybersecurity strategy and roadmap.
• Establish and enforce security standards, frameworks, and best practices to protect systems, applications, infrastructure, and data.
• Lead and manage the Information Security team, with responsibilities that include:

o Monitoring, detecting, analyzing, and responding to threat intelligence and security incidents.

o Deploying, configuring, and managing security tools and technologies (e.g., firewalls, data encryption, intrusion detection/prevention systems).

o Overseeing vulnerability management, including patch management, system hardening, and remediation tracking.

• Conduct regular Security Health Checks to assess the effectiveness of security controls.
• Perform ongoing Information Security Risk Assessments to identify, evaluate, and mitigate potential risks.
• Ensure the organization remains compliant with relevant regulatory requirements, including those from the National Privacy Commission (NPC) and the Toll Regulatory Board (TRB).
• Track, manage, and ensure timely mitigation of audit findings related to cybersecurity and information security.
• Position will report to the Head of Information Security

Qualifications

• Bachelor's degree in Information Technology, Computer Science, or a related field.
• Minimum of 10 years of experience in IT, with at least 5 years in an Information Security or cybersecurity-focused role.
• Must have completed Information Security-related training and hold relevant certifications (e.g., CISSP, CISM, CEH, CompTIA Security+, etc.).
• Proven leadership and team management skills, with the ability to guide, mentor, and motivate security team members.
• Solid understanding of security and privacy-related legal and regulatory requirements, including local compliance obligations (e.g., NPC, TRB).
• Deep knowledge of information security tools, technologies, and threat detection platforms.
• Familiarity with information security frameworks, such as ISO/IEC 27001.
• Demonstrated experience in developing and maintaining information security policies, procedures, standards, and guidelines.

Why Join Us?

We know that your time and well-being are important to you, so we offer a comprehensive benefits package that is designed to support your physical, financial, and emotional health.

Our benefits package includes:

• Health card for employees and dependents
• Life insurance
• Retirement savings plan with company match
• On-site gym and fitness classes
• Employee assistance program
• Guaranteed 14
  th
  -month pay upon regularization
• Paid Vacation Leave
• Sick Leave Conversion
• Rice allowance
• Christmas Basket
• Training and opportunities for Career Development and growth
• Employee Wellness Program

What is it like to be part of MPTC?

Our people are at the core of our business and our success. We are honored that our commitment has been recognized by Investors in People, an internationally respected accreditor, with the Gold Standard certification and the prestigious Employer of the Year 2020 award for NLEX Corporation.

We're a group of visionary and dynamic individuals working together to provide the ultimate mobility experience. Our team members all share a positive attitude, problem-solving abilities, and patience, enabling them to provide excellent customer service even during fast-paced shifts. We're committed to giving you every opportunity to grow as you build your winning career with us.

Be part of our next move to progress and share the vision of transforming lives through unparalleled road infrastructures with us.

The Information Security Manager evaluates technology environments through control testing, compliance assessments, identifies key gaps and recommends actions for remediation. Partners with other teams for cybersecurity controls assessment and tests effectiveness of cybersecurity controls ensuring that systems and processes meet industry standards and regulatory requirements.

Position Responsibilities:

• Plans, conducts and manages cybersecurity and technology controls testing, compliance assessments including IT systems and processes for design and operating effectiveness.
• Develops and maintains test procedures and plans for IT Security Controls, ensuring alignment with key objectives, industry standards and regulatory requirements.
• Evaluates the organization's compliance with preferred cybersecurity frameworks.
• Performs control testing, security assessments, and risk analysis on systems, applications, and network infrastructure to identify potential weaknesses and security gaps.
• Analyzes test results, identifies security control deficiencies, and recommends solutions to resolve identified issues.
• Partners with operations and IT teams to ensure that all IT security controls are adequately tested and implemented.
• Tracks security issues/risks, prepares comprehensive reports outlining findings, recommendations and actionable insights to senior management and stakeholders.
• Collaborates with cross-functional teams including IT, legal, compliance and liaises with law enforcement and other external entities to address findings and implement corrective action.
• Develops innovative approaches and solutions, including use of data analytics, Agile methodology, and automation to improve overall effectiveness and value of the controls testing team.
• Ensures compliance with applicable security policies and standards.
• Stays updated on latest cybersecurity threats, vulnerabilities, and testing techniques, contributing to the enhancement of cybersecurity practices within the organization.
• Provides professional advice – takes a lead role of process or program execution
• Is accountable for own work and contributes to setting standards through expertise in own job discipline that impact others' deliverables
• Work is guided by cascaded policies or business plans
  May lead medium to large size projects or work streams with moderate resource requirements, risk and/or complexity with multiple teams representing different interests

Required Qualifications:

• Knowledge of IT security controls and technologies, IT systems and networks, security testing, security policies, standards, and regulations
• Experience performing compliance and control testing assessments
• Knowledge of frameworks such as NIST CSF, ISO 27001 and CIS Top 20 Controls
• Proficiency in understanding operating systems (Windows, Linux, Unix), network protocols, and cybersecurity frameworks
• Understanding of cloud computing security principles and leading practices
• Understanding of legal and regulatory requirements related to cybersecurity, privacy, and data protection laws relevant to the organization
• Knowledge of data privacy laws, data security issues, encryption techniques, data classification, and data loss prevention mechanism

Skills:

• Cybersecurity
• Security Compliance
• IT Controls
• IT Audit
• IT Regulatory Compliance
• Risk Assessment
• Control Testing

When you join our team:

• We'll empower you to learn and grow the career you want.
• We'll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
• As part of our global team, we'll support you in shaping the future you want to see.

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit .

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact .

Working Arrangement

Hybrid

Are you passionate about security and data protection? Do you excel in troubleshooting and optimizing networks? As our IT Security Manager, you will lead the charge in developing and maintaining secure, functional networks while mentoring a team of engineers. Join us and play a key role in protecting our digital infrastructure and ensuring peak network performance.

Key Responsibilities

• Design and deploy functional networks (LAN, WLAN, WAN).
• Configure and install software, servers, routers, and other network devices.
• Monitor and optimize network performance and integrity.
• Troubleshoot escalated issues in cloud and local infrastructure.
• Automate tasks and assess their effectiveness.
• Mentor team members to strengthen technical expertise.
• Oversee and test security measures, including access authentication and disaster recovery.
• Maintain comprehensive technical documentation.
• Recommend and implement improvements to enhance network performance and scalability.
• Communicate effectively with users to address technical concerns.

Key Qualifications

• At least 3 years of professional experience in Information and IT Security.
• Strong knowledge of ISMS and IT security processes.
• Experience working in a multinational company.
• Exceptional communication and analytical skills.
• Proven ability to work independently and with minimal supervision.
• Willingness to work on-site at our Head Office in the Bicol Region.

Job Type: Full-time

Application Question(s):

• Write down your salary expectation.

Work Location: In person

The Global Information Security Manager is responsible for governance, compliance, risk assessment, and awareness in local ISO and participates in other regional ISO support, which includes Singapore, Malaysia, Indonesia, Thailand, Vietnam and India.

Main Duties and Responsibilities:

• Handling Information Security Management, address the information security threats and incidents and drive remediation.

• In conjunction with the Legal team Identify information management and protection laws and regulations and implement actions to ensure compliance with relevant information management

and protection laws.

• Identify, track and oversee internal and external compliance and regulatory requirements (PCI, Data Privacy, etc.) for the organization including compliance with established policies, procedures, standards, baselines and controls.

• Maintain an information management and protection framework for an effective company-wide governance programme.

• Manage information security awareness programs and provide training to all staff on a basis.

• Manage day-to-day security activities, including conducting vendor security assessment, privacy security assessment, implementing company policies, and communication related to the information security programme.

• Manage and Support the Information Security requirements across different BUs.

• Support other local ISO members in different regions as a regional ISO team member.

QUALIFICATIONS

Technical skills:

• Minimum 8 to 12 years of experience in information security governance, risk and compliance.

• Strong knowledge and Experience in information risk assessment and compliance needs.

• Strong knowledge and Experience in information security frameworks.

• Strong knowledge and Experience in applicable laws, regulations, and standards relating to security and data privacy.

• Good understanding of information security governance frameworks such as ISO27001 (and ISO27701 framework, etc.,)

• Understanding and ability of risk analysis for cyber threats. (Preferred)

• Other technical and/or security certifications preferred. (e.g. CISA, CISM, CISSP, SANS, GIAC, etc.) (Preferred).

Knowledge, skills and abilities:

• Educational Background: BS or MS degree in IT, Security or Computer Science.

• Excellent communication skills.

• Ability to multitask, prioritize work effectively and manage tasks/projects to completion.

• Ability to to work independently and within a team environment.

• Highly motivated and strong sense of responsibility and ownership.

• Language Proficiency Level: Excellent Communication Skills in English.

• Ability to make Business Process Analysis.