287 Information Governance jobs in the Philippines

As the
AVP for Internal Audit and Regulatory Response,
you will help sustain the operational requirements of the Security and Architecture Group (SAG) - MNL Governance, Risk and Compliance, including the Audit and Controls Assurance function. Currently, these responsibilities are being handled full-time by one person and part-time by the SAG MNL Head. With the addition of a new permanent staff member, we are expanding our capacity to focus more deeply on regulatory compliance and advisory efforts.

How You'll Make an Impact

• Assists the Cybersecurity Manager in preparing regular reports to Management, including internal controls assessments, analysis of newly released Information Security or Cybersecurity regulations, and policy compliance with Head Office and regional standards for the MNL Branch.
• Supports in monitoring control programs and remediation activities and help coordinate internal and external system and information security audits.
• Help maintain IS policies and procedures and assist in administering reviews related to overall system security compliance programs.
• Conduct assessments to identify potential risk and root causes of ineffective IS controls and provide actionable recommendations for resolution.
• Perform other duties as assigned by GPAPD Management and Cybersecurity Manager, as needed.

What Sets You Apart

• Graduate of Computer Science, Accountancy, or related course
• Solid understanding and hands-on experience with Identity Access Management (IAM)
• Brings at least 5 years of experience in Information Security, Technology Risk, or Operational Risk
• Upholds ethical business practices, doing the right thing while ensuring full compliance with internal controls and legal/regulatory standards
• Strong problem-solving skills and can adapt quickly when demands and priorities shift
• You use relevant information to make sound, informed recommendations
• You collaborate well with others and communicate effectively across teams and cultures
• You're open-minded and flexible in your interactions with others
• You have a good aptitude for learning and mastering new technology
• Oral and written communication skills are clear, professional, and effective

OPENTEXT - THE INFORMATION COMPANY

OpenText is a global leader in information management, where innovation, creativity, and collaboration are the key components of our corporate culture. As a member of our team, you will have the opportunity to partner with the most highly regarded companies in the world, tackle complex issues, and contribute to projects that shape the future of digital transformation.

AI-First. Future-Driven. Human-Centered.

At OpenText, AI is at the heart of everything we do—powering innovation, transforming work, and empowering digital knowledge workers. We're hiring talent that AI can't replace to help us shape the future of information management. Join us.

The Opportunity:

The Manager, Security Operation Center is a member of the Information Protection Center team reporting to the Sr. Manager, Information Security. This position works across Corporate and Production teams to ensure the successful implementation of security tools, services, and technology. The Security operations center manager provides oversight and management of the SOC including security operations management and security incident response, incident detection and analysis, containment, and eradication of cybersecurity incidents. This position will manage resources, priorities, and internal projects, and manage the team directly when responding to business-critical security incidents. Ideally, this role will 8-5pm eastern standard time.

You Are Great At:

• Defining, managing, and implementing a comprehensive SOC service
• Be a leader in the expansion and growth of the SOC
• Lead the response to significant Security incidents, ensuring the SOC teams effective response
• Collaborate with client technical teams for issue resolution and mitigation
• Organizing and prioritizing assessments of security controls and services to ensure accurate coverage reporting and identification of coverage gaps
• Review personnel resources daily to assess workload and quality of work
• Coordinate with Incident Response, Threat Intelligence and Threat Hunting teams to create post-incident feedback loop to educate SOC analysts and enhance detection capability
• Implementing tools and processes to automate and visualize security metrics, reporting, and dashboards for varying audiences
• Develop and maintain Standard Operating Procedures for security analyst roles and responsibilities
• Interfacing with internal audit and compliance teams to produce required security artifacts
• Overseeing technical coordination/project management for security initiatives, projects, and integration of security tools and services
• Coordinating risk assessments for requested deviation to security policy/controls
• Security monitoring, managing security cases& tickets, security incident analysis, and other security tasks.
• Responding to incidents varying from endpoint to server systems
• Researching security advisories, e.g., CERT, and delivering appropriate course of action
• Creating documentation to ensure all team members can perform required tasks
• Creating meaningful and detailed metrics based on security events or activities
• Collecting evidence and artifacts to meet compliance requirements (ISO, SOX, HIPAA, SOC, etc.)
• Optimizing day-to-day shift resources and needs
• Ensuring appropriate staffing and coverage for assigned shifts
• Managing and communicating up effectively to leadership regarding staffing needs, events that occurred, etc

What It Takes:

• Creating and refining metrics to articulate and measure SOC performance.
• Knowledge and experience managing a SOC and security operations
• Experience in a delivery, operational or security program management role and previous experience in a leadership or supervisory role
• Demonstrated experience generating metrics to measure service and program effectiveness
• Understanding of compliance frameworks, like PCI, ISO 27001, NIST, etc.
• Excellent analytical skills, troubleshooting and problem solving
• Must be able to work in a fast paced and changing environment while handling multiple tasks, priorities, and directives. Capable of working under pressure.
• Excellent English writing and verbal communication skills
• BS in Computer Science, Cyber Security, or Information Security preferred
• 7+ years of information security experience
• 4+ years of experience working in a Security Operations Center
• 3+ years of experience managing a Security Operations Center
• CISSP, CISA, CISM, or other industry certifications preferred

OpenText's efforts to build an inclusive work environment go beyond simply complying with applicable laws. Our Employment Equity and Diversity Policy provides direction on maintaining a working environment that is inclusive of everyone, regardless of culture, national origin, race, color, gender, gender identification, sexual orientation, family status, age, veteran status, disability, religion, or other basis protected by applicable laws.

If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please contact us Our proactive approach fosters collaboration, innovation, and personal growth, enriching OpenText's vibrant workplace.

Job Brief

The primary function is to perform advisory and assurance projects of Audit Services Group (ASG) focused on IT, information security and data privacy risks. ASG is responsible for evaluating the adequacy and effectiveness of the company's systems of internal controls that guide company activities toward accomplishing key business objectives.

Duties and Responsibilities

• Participate in planning, scoping and execution of risk-based IT, information security, and data privacy assurance and advisory projects in accordance with the Institute of Internal Auditors (IIA) and ASG standards
• Perform test of design and operating effectiveness of controls
• Effectively communicate audit results to management
• Work with stakeholders to develop actions plans that address root cause of findings
• Anticipate the impact of new technologies and strategic initiatives of the Company on its information security and privacy risk profile
• Demonstrate up-to-date knowledge in information security and privacy and apply this to the development, execution and improvement of audit programs and recommendations
• Develop and maintain productive working relationships with stakeholders, while maintaining independence and objectivity.
• Contribute to various department initiatives to streamline processes, improve stakeholder experience, and increase productivity.
• Contribute specialized expertise to different assigned projects and may provide key updates to Project Lead and Manager.

Minimum Requirements

• Bachelor's degree in management information systems, computer science, accounting, finance, or other IT related fields is required
• 2-4 years of IT auditing, technology, information security, privacy or other relevant work experience is required
• Must have strong verbal and written communication skills; fluency in English is required
• Knowledge of auditing cloud services, encryption technology, mobile technology, application security, software development methodologies, and common security frameworks preferred
• Ability to travel up to 30% including international travel (valid passport required)
• Professional certifications (e.g., CIA, CISA, CISSP) are preferred

We at the Lennor Group, are urgently looking for a Information Security Manager for one of our client

About Lennor Group

As a proud Filipino company, we are committed to providing world-class business and workforce solutions. Our deep market expertise, combined with a global perspective, empowers us to serve businesses of all sizes and industries efficiently.

Our brand, Lennor Metier , is a leading recruitment agency and headhunting firm in the Philippines, partnering with reputable companies to source top talent for direct-hire opportunities. It specializes in IT, Finance, Engineering, Sales & Marketing, Supply Chain, HR, and Executive Search.

Salary Range : Up to P150,000

Work Setup : Onsite

Shift Schedule : Day Shift

Location : Taguig City

Job Overview

The Information Security Manager is responsible for overseeing the implementation and maintenance of the organization's information security strategy. This role ensures that security policies, procedures, and controls effectively protecting digital assets and aligning with regulatory requirements. The manager works closely with IT, compliance, and business units to manage risks, respond to incidents, and promote a culture of security awareness.

Your Responsibilities:

• Security Governance & Strategy
• Develop, implement, and maintain security policies, standards, and procedures.
• Align security initiatives with business objectives and regulatory requirements.

• Support internal and external audits and ensure compliance with frameworks (e.g., ISO 27001, NIST, GDPR).

• Risk Management

• Conduct regular risk assessments and vulnerability scans.
• Maintain and update the enterprise risk register.

• Recommend and oversee remediation plans for identified risks.

• Security Operations

• Monitor and manage security tools (e.g., SIEM, firewalls, antivirus, DLP).
• Lead incident response efforts and forensic investigations

• Coordinate with IT teams to ensure timely patching and system hardening.

• Identity & Access Management

• Oversee user access controls and privilege management.

• Ensure proper implementation of multi-factor authentication (MFA) and role-based access.

• Security Awareness & Training

• Develop and deliver security awareness programs for employees.
• Promote best practices and ensure ongoing education on emerging threats. 6. Project & Vendor Security
• Provide security oversight for IT and business projects.
• Review third-party vendor contracts and solutions for security compliance.

What our Client is Looking For:

• A Bachelor's Degree is required with a Master's Degree in cybersecurity, risk management, or IT governance being preferred
• Must possess a strong understanding of security frameworks (ISO 27001, NIST, COBIT)
• Experience with security operations tools and incident response
• Knowledge of cloud security (Azure, AWS, M365)
• Excellent communication and leadership skills
• Ability to manage cross-functional teams and influence stakeholders
• Analytical thinking and decision-making under pressure
• The following certifications are preferred:
• CISM (Certified Information Security Manager) – by ISACA Ideal for managing enterprise security programs.
• CISSP (Certified Information Systems Security Professional) – by (ISC)² Broad coverage of security domains.
• ISO/IEC 27001 Lead Implementer or Auditor – for governance and compliance
• CompTIA Security+ or CySA+ – for foundational and operational security
• CEH (Certified Ethical Hacker) – for threat analysis and penetration testing

Ready to take the next step in your career? Submit your application now

• We kindly request your patience as we receive a significant number of applications. Rest assured that our team will update your application's status soon. In the meantime, we encourage you to follow our LinkedIn page to stay informed about future opportunities and company updates.

Company Description

Work with Us. Change the World.

At AECOM, we're delivering a better world. Whether improving your commute, keeping the lights on, providing access to clean water, or transforming skylines, our work helps people and communities thrive. We are the world's trusted infrastructure consulting firm, partnering with clients to solve the world's most complex challenges and build legacies for future generations.

There has never been a better time to be at AECOM. With accelerating infrastructure investment worldwide, our services are in great demand. We invite you to bring your bold ideas and big dreams and become part of a global team of over 50,000 planners, designers, engineers, scientists, digital innovators, program and construction managers and other professionals delivering projects that create a positive and tangible impact around the world.

We're one global team driven by our common purpose to deliver a better world. Join us.

Job Description

Job Brief

The primary function is to perform advisory and assurance projects of Audit Services Group (ASG) focused on IT, information security and data privacy risks. ASG is responsible for evaluating the adequacy and effectiveness of the company's systems of internal controls that guide company activities toward accomplishing key business objectives.

Duties and Responsibilities

• Participate in planning, scoping and execution of risk-based IT, information security, and data privacy assurance and advisory projects in accordance with the Institute of Internal Auditors (IIA) and ASG standards
• Perform test of design and operating effectiveness of controls
• Effectively communicate audit results to management
• Work with stakeholders to develop actions plans that address root cause of findings
• Anticipate the impact of new technologies and strategic initiatives of the Company on its information security and privacy risk profile
• Demonstrate up-to-date knowledge in information security and privacy and apply this to the development, execution and improvement of audit programs and recommendations
• Develop and maintain productive working relationships with stakeholders, while maintaining independence and objectivity.
• Contribute to various department initiatives to streamline processes, improve stakeholder experience, and increase productivity.
• Contribute specialized expertise to different assigned projects and may provide key updates to Project Lead and Manager.

Qualifications

Minimum Requirements

• Bachelor's degree in management information systems, computer science, accounting, finance, or other IT related fields is required
• 2-4 years of IT auditing, technology, information security, privacy or other relevant work experience is required
• Must have strong verbal and written communication skills; fluency in English is required
• Knowledge of auditing cloud services, encryption technology, mobile technology, application security, software development methodologies, and common security frameworks preferred
• Ability to travel up to 30% including international travel (valid passport required)
• Professional certifications (e.g., CIA, CISA, CISSP) are preferred

Additional Information

Shift schedule: Morning shift (9AM to 6PM)

About AECOM

AECOM is proud to offer comprehensive benefits to meet the diverse needs of our employees. Depending on your employment status, AECOM benefits may include medical, dental, vision, life, AD&D, disability benefits, paid time off, leaves of absences, voluntary benefits, perks, flexible work options, well-being resources, employee assistance program, business travel insurance, service recognition awards, retirement savings plan, and employee stock purchase plan.

AECOM is the global infrastructure leader, committed to delivering a better world. As a trusted professional services firm powered by deep technical abilities, we solve our clients' complex challenges in water, environment, energy, transportation and buildings. Our teams partner with public- and private-sector clients to create innovative, sustainable and resilient solutions throughout the project lifecycle – from advisory, planning, design and engineering to program and construction management. AECOM is a Fortune 500 firm that had revenue of $16.1 billion in fiscal year 2024. Learn more at

What makes AECOM a great place to work

You will be part of a global team that champions your growth and career ambitions. Work on groundbreaking projects - both in your local community and on a global scale - that are transforming our industry and shaping the future. With cutting-edge technology and a network of experts, you'll have the resources to make a real impact. Our award-winning training and development programs are designed to expand your technical expertise and leadership skills, helping you build the career you've always envisioned. Here, you'll find a welcoming workplace built on respect, collaboration and community - where you have the freedom to grow in a world of opportunity.

As an Equal Opportunity Employer, we believe in your potential and are here to help you achieve it. All your information will be kept confidential according to EEO guidelines.

Information Security Engineer III

Experience Level:
 5+ years

About the Role

We're looking for a highly skilled 
Information Security Engineer
 to strengthen and scale security across our cloud, application, and enterprise environments. In this role, you'll:

• Lead secure SDLC practices and embed security into every stage of the development lifecycle.
• Drive threat modeling, vulnerability management, and detection engineering.
• Operate and optimize key security platforms (EDR, DLP, SIEM, Email Security).
• Strengthen cloud and Microsoft 365 security, while ensuring enterprise resilience.

Key Responsibilities

Application & Cloud Security

• Integrate security into design, development, and deployment workflows.
• Conduct threat modeling and architecture reviews.
• Secure cloud platforms (AWS, Azure, Microsoft 365) through identity controls, hardening, and policy enforcement.

Security Platform Operations

• Operate and monitor EDR/XDR, DLP, SIEM, and email security platforms.
• Ensure tools are tuned, integrated, and delivering actionable insights.

Security Monitoring & Response

• Support day-to-day monitoring and incident investigations.
• Lead triage, containment, and remediation of threats.
• Contribute to detection tuning, post-incident reviews, and process improvements.

Threat & Vulnerability Management

• Identify, assess, and remediate vulnerabilities across endpoints, infrastructure, and cloud.
• Support patching strategy, scanning, and threat intel correlation.

Endpoint & Infrastructure Hardening

• Implement secure configurations for Windows/Linux endpoints, servers, and network appliances.
• Align with CIS benchmarks and industry best practices.

Detection Engineering & Risk Management

• Build and tune detection logic in SIEM/XDR platforms.
• Collaborate across teams to reduce false positives and improve fidelity.
• Contribute to business continuity and disaster recovery planning.

Qualifications

• 5+ years of progressive experience in information security (application, cloud, infrastructure).
• Strong experience managing and securing 
  cloud platforms
   (AWS, Azure, Microsoft 365).
• Hands-on expertise with 
  security tools
  : EDR/XDR, DLP, SIEM, email security, vulnerability scanners.
• Knowledge of 
  secure SDLC, application security testing, DevSecOps
   practices.
• Familiar with 
  IAM, zero trust, and conditional access
   frameworks.
• Exposure to 
  threat modeling methodologies
   (STRIDE, MITRE ATT&CK).
• Understanding of 
  compliance standards
   (NIST, ISO 27001, GDPR, SOC 2, PCI-DSS).

Why Join Us?

• Work on 
  high-impact security initiatives
   that safeguard financial systems worldwide.
• Grow with us through 
  certifications, training, and clear career pathways
  .
• Collaborate with 
  smart, driven colleagues
   solving complex security challenges.
• Thrive in a 
  hybrid setup
   (2x per month onsite) with a focus on trust and flexibility.
• Be part of a 
  Great Place to Work-certified company
   that values people, not just output.

Note on Data Privacy

By applying, you consent to the use of your personal data for recruitment purposes. Data may be shared with third-party services and our parent company, ETS London, for recruitment and assessment. For questions, contact our 
DPO at 
.

JOB SUMMARY

The Information Security Lead will play a critical role in shaping and executing our information security strategy. This role involves leading the development and enforcement of security policies, conducting risk assessments, overseeing incident response, and ensuring regulatory compliance. You will act as the champion for security across the organization, advocating for best practices while fostering a culture of security awareness.

A mid-level management position in nature, this role will serve as the catalyst for a successful career in Operational Management for the right candidate.

Develop & Execute Security Strategy

• Collaborate with the Infrastructure Security team to design and implement an organization-wide security strategy that addresses both proactive and reactive measures to protect sensitive data and systems.
• Align the organization's overall business strategy with information security priorities in collaboration with key stakeholders.
• Develop clear, measurable security objectives that are aligned with business goals and regulatory requirements.
• Ensure compliance with industry regulations (e.g., GDPR, HIPAA, PCI-DSS) and align security measures with regulatory requirements.
• Lead audits and ensure adherence to security frameworks such as ISO 27001, NIST, etc.

Risk & Vulnerability Management

• Identify, assess, and mitigate security risks and vulnerabilities across the infrastructure.
• Lead regular risk assessments and recommend appropriate security controls.
• Create and maintain data flow maps to ensure all relevant risks are identified in internal systems.
• Conduct regular scans and assessments of infrastructure, applications, and networks to identify vulnerabilities.
• Utilize industry-standard tools (e.g., Nessus, Qualys, or custom scripts) to detect flaws in configurations, code, and infrastructure.
• Collaborate with IT, development, and relevant teams to address risks and vulnerabilities.

Incident Response

• Drive investigations into breaches, coordinating with internal teams to mitigate damage and restore services.
• Prepare detailed incident reports including timeline, root cause, response actions, lessons learned, and follow-up activities.
• Work with relevant teams (e.g., IT, development) to eliminate threats and prevent recurrence.
• Communicate incident status and impact to key stakeholders (senior management, legal, compliance, etc.).
• Recommend improvements to detection, response time, and mitigation strategies.
• Conduct tabletop exercises and simulation drills to test the effectiveness of the Incident Response Plan (IRP).

Security Monitoring & Auditing

• Audit controls, tools, and systems to ensure proper tracking of security events.
• Perform routine security audits to identify threats and areas for improvement.
• Analyze threat reports and vendor advisories to update risk and vulnerability strategies.
• Conduct security audits to ensure compliance with standards (e.g., ISO 27001, NIST, PCI-DSS, GDPR), and use findings to improve the vulnerability management program.

Vendor Management

• Assess and ensure the security of external services, software, and systems.
• Conduct vendor-specific risk assessments and coordinate with teams to mitigate any identified risks.
• Ensure vendor compliance with company security and regulatory obligations.

Leadership & Mentorship

• Lead a team of security professionals by providing guidance, mentorship, and promoting a security-first mindset across the organization.

• Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent practical experience).
• Experience in information security with a focus on risk management, incident response, and compliance.
• Familiarity with security tools, firewalls, encryption, IDS/IPS, and vulnerability management.
• Expertise in security frameworks (e.g., ISO 27001, NIST, PCI-DSS).
• Hands-on experience with incident management, breach investigations, and response planning.
• Strong foundation in IT infrastructure, network, and security.
• Experience with cloud security (AWS, Azure, etc.), network security, and endpoint protection.
• Excellent communication skills to explain security concepts to both technical and non-technical audiences.
• Ability to lead and motivate teams while managing strategic and operational security tasks.
• Security certifications such as CC, CISSP, CISM, CISA, or similar are a plus.

• An opportunity to create or be part of something remarkable
• A competitive salary package based on your experience, skills, and character
• Company-sponsored Health Maintenance coverage on Day 1
• Career growth and learning opportunities
• Opportunities to collaborate across teams and with global business leaders
• A chance to contribute to charitable efforts just by doing your job well

Responsibilities:

• Actively monitor, detect, and respond to security alerts and incidents per defined SLA.
• Incidents are acknowledged and responded to within the agreed response SLO
• Perform alert triage and analysis including asset and custodian identification, reputational checking, and alert validation
• Perform containment and eradication within the agreed response SLO
• Ensures resolution of incidents within the defined SLOs
• Utilize IR toolsets such as ServiceNow, EAS, IPS, WAF, NAC, Firewall etc
• Timely submission of Operational Performance reports/dashboards/value reports for consumption of management

Qualifications:

• Bachelor's degree of Information Technology, Computer Science, Computer Engineering
• At least 1-2 years' work experience in Incident Response
• Knowledgeable in Security Monitoring and Service Management Tools

About the role

Dumaguete Bank is seeking an experienced Information Security Officer to join our dynamic team in Dumaguete City, Negros Oriental. As the Information Security Officer, you will play a crucial role in ensuring the security and protection of our organisation's sensitive data and IT infrastructure. This full-time position is an excellent opportunity for a security professional to make a meaningful impact within a forward-thinking financial institution.

What you'll be doing

The Information Security Officer (ISO) will be responsible for aligning security initiatives with business objectives, ensuring that our banking operations are secure and compliant with statutory standards while meeting customer needs and maintaining high security standards across the Bank.

• Formulate the ISSP and ISP for approval by the Board and Senior Management and implement and manage the duly‐approved ISSP and ISP.
• Develop policies and procedures for access onboarding, modifications and offboarding across systems and monitor its execution and oversee the provisioning and deprovisioning of user access to enterprise and production applications and systems. Review and approve access requests and role-based access control matrices.
• Coordinate and work with IT Unit and officer across different departments to ensure that information security requirements support business needs and security systems and processes are working as intended.
• Monitor and enforce compliance with the ISP and the corresponding policies, standards and procedures across the organization and conduct security awareness and training programs catered to different sets of stakeholders.
• Educate, inform, and report to the Board and Senior Management relevant information security issues and concerns.
• Ensure that security controls and processes are embedded throughout the lifecycle of information, systems, applications, products and services.
• Conduct and assist in the effective implementation of information security incident response plan and assist in ensuring regulatory compliance and adherence to information security‐related laws, rules and regulations.

Key Responsibilities

• Strategic Alignment: Align security initiatives with business goals and objectives, ensuring that security measures support the overall mission of the Bank. Advocate for information security best practices and risk management solutions to enhance the Bank's overall security posture.
• Risk Management: Identify, assess, and mitigate security risks associated with banking operations. Develop and implement risk management strategies to protect sensitive information.
• Policy Development: Develop and enforce security policies, standards, and procedures to ensure compliance with international regulations and industry best practices.
• Security and Business Integration: Work closely with units, IT, and other stakeholders to integrate security into all aspects of the Bank's operations. Provide guidance and support to ensure security is considered in all business decisions. Act as a bridge between technical and business teams, ensuring alignment and smooth integration.
• Training and Awareness: Drive security awareness initiatives across the bank to foster a security-conscious culture
• Continuous Improvement: Continuously monitor the effectiveness of security measures, identify gaps, and recommend improvements. Work with internal teams to develop innovative solutions to enhance security across business operations.

What we're looking for

• Minimum of 2 years of experience in information security, ideally in the banking or financial services industry
• Strong technical expertise in security technologies, such as firewalls, intrusion detection/prevention systems, and identity and access management
• Proficiency in security risk assessment, vulnerability management, and incident response
• Excellent problem-solving, analytical, and critical thinking skills
• Strong communication and stakeholder management abilities
• Relevant certifications, such as CISSP, CISA, or CISM, are highly desirable but not required
• Tertiary degree in Computer Science, Information Technology, or a related field

If you are passionate about information security and ready to take on a challenging and rewarding role, we encourage you to apply now.