398 Information Security jobs in the Philippines

We're looking for an Information Security Manager, Identity Access Management (IAM) Consultant to join our Group Functions IT Information Security and Business Resilience Team at MBPS. In this role, you are expected to apply identity access security risk knowledge and expertise to assist with IT information security First Line of Defense activities to help strengthen Manulife's corporate segment information security posture and ensure regulatory compliance.

Deliver Identity Access Management services, guidance, and advice. Failure to deliver on these programs will impact Manulife and Group Functions segment specifically in achieving their business objectives, safeguarding its people and information assets, and continuing to meet the information risk management requirements of our clients, shareholders, and regulators.

Have the skills and knowledge for the job? Learn more about the opening below

Key Responsibilities:

• Risk Management & Advisory : Support business and IT partners in identifying and managing information and access risks, acting as a subject matter expert in access security.
• Project & Governance Involvement : Participate in key initiatives to ensure access risks are addressed, and enforce governance aligned with Identity and Access Management standards.
• Access Review & Compliance : Conduct baseline access reviews, ensure regular and automated access reviews, and validate data integrity in review processes.
• Security Controls & Consulting : Ensure proper authorization, enforce Separation of Duties, and provide consulting services to stakeholders on application access security.
• Operational Support & Continuous Improvement : Assist with incident response, audits, and highlight areas for improvement while staying updated on emerging threats and technologies.

Qualifications:

• University degree in Computer Science, Information Technology, Software Engineering, Business Administration, or relevant educational and professional experience .
• Four years of progressive experience working at an intermediate level role, or above, within a combination of relevant disciplines in the field of Risk Management, application security and Identity and Access Management – can include Access provisioning/deprovisioning, Application Onboarding, Access Reviews
• Familiarity with application and data flows, SaaS, PaaS and IaaS
• Experience with Risk Management, highlighting gaps and managing resolutions
• Understanding of Azure Identity model and governance is good to have
• Strong in data analysis, requirement gathering and problem-solving skills
• Resourceful and able to work independently while still being part of a geographically diverse team, managing multiple priorities within tight deadlines and communicating primarily through online collaboration tools (MS Teams, SharePoint, etc.)
• Excellent verbal and written communication, facilitation, and interpersonal skills.
• Influence behavior to reduce risks and foster a strong information access security risk management culture.
• Takes initiative and complete ownership of tasks and issues as needed
• Quick learner and able to adapt to unforeseen changes and needs
• Hybrid working arrangement: 3 days in office, 2 days at home.
• Shift Schedule : Morning Shift (10am to 7pm) PH Time

When you join our team:

• We'll empower you to learn and grow the career you want.
• We'll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
• As part of our global team, we'll support you in shaping the future you want to see.

Let's make every day better together. Learn about our opportunities at JOBS.MANULIFE.COM

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit .

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact .

Working Arrangement

Hybrid

The SOC Analyst is responsible for monitoring, detecting and responding to security incidents. They will provide cybersecurity incident response support.

Responsibilities:

• L1 to L3 Cybersecurity Incident Response Support
• On-call Incident Response support for Medium to Critical Incidents
• Daily Cybersecurity Ticket Management
• Daily Cybersecurity Incident Detection/Monitoring via different tools such as SIEM, API Security, EDR and/or SOAR
• Daily tracking for Phishing and SMShing
• Provision of Incident Reports
• Daily and Weekly Incident Reporting
• Basic Threat Intelligence
• Social Network Site / Public Repositories Investigation (e.g. Information about the Bank)
• Research on the latest Cybersecurity Threats / Vulnerabilities affecting the Bank's platforms
• Research on Malicious Software / Domain / IP form
• Threat Intel Research on Free Public Platforms / Knowledgebase / Threat Intelligence Feeds of Security Vendors
• Research on New / Emerging Cybersecurity Frameworks
• Vulnerability Assessment and Penetration Testing exercise/assistance
• Cybersecurity compliance activities

Qualifications:

• Graduate of 4-years course, Bachelor's degree in preferrably in IT, Computer Science, Engineering or related field.
• Have foundational knowledge and understanding of networking, operating systems, and cybersecurity principles.
• Relevant certifications (e.g., CompTIA Security+, CEH, GCIH) preferred.
• Knowledge of MITRE ATT&CK framework, threat analysis, threat hunting techniques, digital forensics, and incident response.
• Knowledgeable with SIEM tools, IDS/IPS, endpoint protection, and forensic tools
• Strong analytical and problem-solving skills.
• Ability to work under pressure and in a fast-paced environment.
• Team-oriented mindset with a proactive attitude.
• Strong attention to detail and willingness to learn.
• Amenable to work in a shifting schedule including weekends
• At least 5 years experience as a SOC Analyst

About the Role

We are looking for an experienced Senior SOC Engineer to lead threat detection, incident response, and continuous monitoring in our Security Operations Center. You will play a key role in protecting our systems and data, especially in a regulated financial environment.

Key Responsibilities

• Lead real-time monitoring, triage, and response to security incidents (cloud & on-prem).
• Build and improve SIEM detection rules and use cases for better threat visibility.
• Conduct threat hunting and forensic investigations using logs, endpoints, and network data.
• Work with threat intelligence teams to integrate IOCs and attack techniques into monitoring.
• Maintain and improve SOC playbooks, runbooks, and incident response procedures.
• Mentor junior analysts and guide escalated incident handling.
• Collaborate with engineering teams to implement security controls and logging standards.
• Support compliance requirements (GLBA, FFIEC, PCI DSS) through strong monitoring and response.
• Participate in red/blue/purple team exercises and post-incident reviews.

Qualifications

• Strong experience in SOC operations, threat detection, and incident response.
• Hands-on expertise with SIEM tools, log analysis, and forensic investigations.
• Solid knowledge of cloud and on-prem security monitoring.
• Ability to mentor, lead incidents, and work across technical teams.
• Understanding of regulatory compliance in financial environments.

Preferred Certifications

• GIAC Certified Incident Handler (GCIH)
• GIAC Security Operations Certified (GSOC)
• Certified Information Systems Security Professional (CISSP)
• Certified SOC Analyst (CSA)

Job Type: Full-time

Pay: Php100, Php120,000.00 per month

Application Question(s):

• Are you comfortable working in a hybrid set up?
• Are you comfortable working night shift?
• Do you have working knowledge of GLBA, FFIEC, PCI DSS or similar regulatory requirements?
• Do you have practical knowledge of monitoring AWS/Azure/GCP environments.

Experience:

• SIEM Platform: 5 years (Required)
• EDR/XDR Tools: 5 years (Required)

Work Location: In person

About the Role:

We are looking for a highly skilled
Network Security Engineer
to join our APAC IT Infrastructure team. In this role, you will be responsible for designing, deploying, and maintaining secure, high-performance network solutions across the region. You will support critical connectivity for our Corporate & Investment Banking (CIB) operations, ensuring infrastructure stability, scalability, and compliance with global standards.

Key Responsibilities:

• Maintain and enhance network infrastructure across CIB offices, regional exchanges, collocation sites, and client environments.
• Design and deploy secure network solutions, including firewalls, load balancers, proxies, and intrusion prevention systems (IPS).
• Translate business requirements into technical designs that ensure availability, performance, security, and compliance with bank standards.
• Collaborate with the central architecture team on initiatives such as proof-of-concepts, evaluations, and testing—ensuring alignment with regional constraints.
• Understand regional business needs and work with global engineering teams to develop and implement suitable technical solutions.
• Gather, document, and communicate business and technical requirements, and oversee solution implementation in coordination with central teams.

Required Skills & Experience:

• Advanced knowledge of network architecture design, implementation, and support.
• Hands-on experience with deploying and managing network and security equipment, including wireless infrastructure, firewalls, load balancers, and proxies.
• Deep understanding of TCP/IP, BGP, and OSPF protocols, with strong deployment and troubleshooting experience on platforms such as F5 LTM, McAfee Proxy, and Cisco ISE.
• Proven expertise in managing Checkpoint and Fortinet firewalls.
• Familiarity with network monitoring and analysis tools such as Zabbix, Micro Focus Network Automation, Wireshark, and NetFluke.
• Experience with market access infrastructure across Asia-Pacific and the ability to optimize network performance accordingly.
• Working knowledge of the ITIL framework.
• Strong project management skills, including experience with proposal writing, project planning, execution, monitoring, and closure.
• Excellent communication, documentation, and organizational skills.
• Client-oriented mindset with the ability to work independently and under pressure.

Qualifications:

• Minimum certification: CCSA/CCSE or CNE-4/CNE-5.
• 5+ years of experience in firewall, proxy, and F5 deployment services, with at least 2 years in the financial industry.
• Expertise in exchange connectivity and trading network security infrastructure.
• Familiarity with PMI methodology.
• Fluency in English (spoken and written).
• Must be amenable to shifting schedules and 24/7 operations, including holiday shifts.

Designation: Compliance & Information Security Assistant Manager

Experience: 6 to 9 years of experience in Compliance, Information Security and BCM Domains

Department: Compliance and Information Security

Work Timing: 9 hours/day; 5 days a week, should work as per US and Manila Ops shift timings

Qualifications: Graduate (any stream)

Professional Certifications: ISO27001 Lead Auditor/PCI DSS/CEH-EC council/CISA.

Key Skills: ISO 27001:2022 (ISMS), HIPAA, SOC 2 Type II, HITRUST, PCI DSS, VAPT and Cyber Security Assessments, Vulnerability Management, and Third-party Risk management

Skills Qualifications:

Required:

• Knowledge of latest ISO 27001 standard, PCI DSS, and HIPAA.
• Internal and External audit experience of ISO standards ISO 27001.
• Knowledge and audit experience of HIPAA compliance and HITRUST requirements.
• Should have knowledge/hand on experience on working on SOC 2/ HITRUST/PCI DSS, requirements.
• Should have hands-on experience in VAPT, Vulnerability management, and cyber security management.
• Should have knowledge of the basic ITGC controls/Information Security.
• Certified Lead Auditor for ISMS and Certified PCI DSS implementor.
• Experience in coordinating with vendors and internal stakeholders for different compliance and information security tasks.
• Should have knowledge of BCP/DR and conduct BCP tests.
• Experience in handling Risk Management Audits, Risk Registers, BIA processes.
• Knowledge and experience of Risk Management standards i.e. ISO 31000.
• Knowledge and experience of all BCM implementation based on ISO 22301.
• Good written and verbal communication skills.

Preferred:

• Knowledge of Information Security.
• Knowledge of PCI DSS and VAPT assessments.
• Knowledge of SOC 2, HIPAA and HITRUST Audits.
• Hands on experience of managing BCP incidents.

Job Summary:

Compliance and Information Security team's Assistant Manager/Senior Executive will be a part of the core Compliance team and will help drive, manage, implement & evaluate the certifications and compliance standards. He / She should support the organization to get certified and maintain ISO 9001, ISO 27001, HIPAA, SOC2, VAPT, PCI DSS, HITRUST, other Cyber security frameworks and assessments.

Duties and Responsibilities:

• Manage all tasks of the Compliance and Information Security team for all locations in the Philippines (Manila and Ilo Ilo).
• Communicate with internal and external stakeholders regarding all compliance-related activities.
• Participate in compliance audit programs both internally and externally for ISO, HIPAA, SOC2, VAPT, PCI DSS, and HITRUST, as and when needed.
• Develop and review company policies and procedures, handle compliance training programs, and monitor compliance related matters.
• Educate stakeholders to implement corrective actions.
• Ensure that corrective actions are adequate and have been implemented for all identified compliance deficiencies.
• Promote awareness related to information privacy and security and enforce compliance across the enterprise.
• Help implement and manage the compliance program effectively.
• Report to the MR/CISO/management about the status of compliance in the organization through detailed reports.
• Create, manage, and track effective action plans in response to audit observations and compliance violations.
• Manage and perform internal audits to identify possible weaknesses or risks in the company's information security management system.
• Perform additional audits as and when necessary.
• Assess the organization's processes to determine compliance risks and formulate necessary risk mitigation plans.
• Ensure that all employees are aware of their compliance responsibilities.
• Support teams in conducting BIA, documenting and managing risks, managing BCP incidents, and planning and conducting BCP tests.
• Working with vendors and external auditors on all audit and assessment tasks and ensuring to close the loop with them.
• Work with the vendors to perform third-party audits based on the frequency.
• Work with internal stakeholders to fill out the client questionnaires and RFP documents to submit them on time.

Job Type: Full-time

Pay: Php70, Php75,000.00 per month

Benefits:

• Additional leave
• Company events
• Health insurance
• Opportunities for promotion
• Promotion to permanent employee

Experience:

• Compliance: 5 years (Required)
• Information Security and BCM Domains: 5 years (Required)

License/Certification:

• ISO27001 Lead Auditor/PCI DSS/CEH-EC council/CISA (Required)

Location:

• Iloilo City (Preferred)

Work Location: In person

• Planning, implementing, managing, monitoring, and upgrading security measures for the protection of the organization's data, systems, and networks.
• Troubleshooting security and network problems.
• Responding to all system and/or network security breaches.
• Ensuring that the organization's data and infrastructure are protected by enabling the appropriate security controls.
• Participating in the change management process.
• Testing and identifying network and system. vulnerabilities.
• Daily administrative tasks, reporting, and communication with the relevant departments in the organization.

Requirements:

• Can start ASAP or in less than 30 days.
• Willing to work hybrid/onsite setup (Ortigas, Pasig)

Benefits:

Communication Allowance

About Workstreet

At Workstreet, we are on an exciting journey to help businesses scale securely by building and implementing cutting-edge security and compliance programs. We're a fast-growing startup specializing in compliance frameworks like SOC 2, ISO 27001, GDPR, and more. Our goal is to empower companies to meet regulatory standards while enhancing their cybersecurity posture from day one

Workstreet is seeking an experienced Compliance and Security extraordinaire who will be responsible for managing compliance programs and ensuring adherence to frameworks like SOC 2, ISO 27001, HIPAA, and others for our clients. The ideal candidate will have a proven track record in policy writing, implementing SOC 2 Type 1 and Type 2, and hands-on experience with technical controls in various cloud platforms such as AWS, GCP, and Azure.

Key Responsibilities:

• Develop, write, and maintain policies and procedures to ensure compliance with SOC 2, ISO 27001, and other relevant standards.
• Manage and execute SOC 2 Type 1 and Type 2 implementation projects. Implement and oversee technical controls in cloud environments, including AWS, GCP, and Azure.
• Direct daily operations of a small team, driving success through effective leadership.
• Conduct regular security audits and risk assessments to identify vulnerabilities and ensure continuous improvement of security posture.
• Coordinate with different teams to ensure compliance and security best practices are integrated into their workflows.
• Stay updated on new regulatory requirements and industry best practices.
• Work within and feel comfortable operating compliance platforms like Drata, Vanta, and SecureFrame.

Qualifications:

• Bachelor's degree in Information Technology, Cybersecurity, or a related field.
• 3+ years managing a small team.
• Proven experience in managing compliance programs and familiarity with SOC 2 and ISO 27001 frameworks.
• Strong knowledge and experience in implementing technical controls in cloud platforms like AWS, GCP, and Azure.
• Excellent communication and writing skills in English.
• Ability to work independently with a strong sense of initiative.
• Must be amenable to work US Eastern Time zone hours.

Preferred Skills:

• Relevant certifications (e.g., CISA, CISSP, CISM).
• Experience in conducting security training and awareness programs.
• Familiarity with other compliance frameworks and regulations (e.g., GDPR, HIPAA).

What We Offer:

• Competitive pay
• Work from anywhere in the world
• Ability to grow from this role into a vCISO role
• Ability to work with amazing companies and clients

Workstreet Celebrates Diversity

As an equal opportunity employer, Workstreet is committed to providing employment opportunities to all individuals. All applicants for positions at Workstreet will be treated without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law.

Non-negotiable skills:

Sr. Network Security Engineer SME

• BGP, Azure, Security

Qualifications:

• Bachelor's degree in Computer Science, Information Technology, Computer Engineering, or any related field. Advanced degree or certifications (e.g., AWS Certified Solutions Architect, CCNP Cloud, Azure Solutions Architect) are a plus.
• 6+ years of experience in network engineering, with a focus on cloud networking and infrastructure.
• In-depth knowledge of cloud networking concepts and technologies, including VPCs, subnets, routing tables, security groups, and load balancers.
• Hands-on experience with cloud platforms such as Azure, or GCP, including proficiency in cloud networking services and features.
• Strong understanding of network security principles, protocols, and best practices in a cloud environment.
• Experience with network automation and orchestration tools, infrastructure as code (IaC) practices, and scripting languages (e.g., Python, PowerShell).
• Excellent analytical, problem-solving, and troubleshooting skills with the ability to diagnose and resolve complex cloud network issues.
• Effective communication and collaboration skills with the ability to work closely with cross-functional teams and stakeholders.Responsibilities:
• As a Senior Network Security Engineer, you will be a key member of our IT infrastructure team, responsible for designing, implementing, and optimizing our cloud-based network architecture.
• Leveraging your expertise in cloud networking technologies, you will ensure the scalability, reliability, and security of our cloud network infrastructure while supporting the seamless integration of cloud services with our on-premises systems.

Job Type: Full-time

Pay: Php100, Php110,000.00 per month

Benefits:

• Paid training

Experience:

• Network engineering: 6 years (Required)
• Cloud Networking : 4 years (Required)
• Network infrastructure: 4 years (Required)
• Azure: 3 years (Required)
• BGP: 3 years (Required)
• Security: 3 years (Required)
• Python: 3 years (Required)
• PowerShell: 3 years (Required)

Work Location: In person

Education
Bachelor's Degree of Information Technology or any related IT course.

Qualifications
Qualifications

• Proven experience in designing, implementing, and maintaining scalable IAM solutions and platforms
• Expertise in developing and enforcing access control policies and procedures
• Hands-on experience with implementing automated workflows for identity and access requests
• Proficiency in IAM tools such as SailPoint, Microsoft Entra ID, and Aveksa
• Strong background in IAM automation and scripting (e.g., Python, PowerShell, Java), including API integrations
• Familiarity with cloud security and IAM frameworks across Azure, AWS, and Google Cloud environments

Duties And Responsibilities
Role Definition
Plans, designs and implements cybersecurity strategies and solutions to prevent critical damage to the organization brought by cyber-attacks.

Responsibilities

• Develops and implements security controls, systems, remote access solutions, and infrastructure architecture in alignment with defined requirements and guidelines; configures network controls to protect the organization's environment in a timely manner.
• Provides recommendations for security products, services, and procedures to enhance system architecture and security controls; conducts testing and evaluation of new cybersecurity technologies and controls.
• Collaborates with cybersecurity and technology teams to deploy vulnerability mitigations and support integration activities; leverages industry standards and frameworks to identify capabilities and technologies that strengthen cyber defenses across diverse scenarios.
• Implements security systems by defining intrusion detection methodologies and preparing both preventive and reactive measures.
• Reviews security technologies, tools, and services, and provides recommendations to the broader security team based on security, financial, and operational metrics.
• Defines processes and architectures for securing networks, applications, and infrastructure; builds firewalls and implements intrusion detection systems in complex environments.