241 Information Security Manager jobs in the Philippines

JOB TITLE: Information Security Manager

Location: Alabang, Muntinlupa City

Position Type: Full Time

Work Set up:  Onsite daily; Fixed weekends off

Schedule:General shift

Start Date:ASAP

Salary Package: 80, ,000 +10,000 allowances

Experienced IT Security and Compliance professional with over six years of experience in a similar role, including two years in a leadership capacity. Possesses strong knowledge of industry security standards and regulatory frameworks such as ISO 27001, NIST, ITIL, PCI-DSS, HIPAA, and GDPR. Demonstrates a deep understanding of the business risks and impacts associated with non-compliance, ensuring security practices align with both regulatory and operational goals.

• Lead the development, implementation, and maintenance of IT security policies and compliance programs.
• Ensure adherence to relevant security standards such as ISO 27001, NIST, and other regulatory requirements.
• Monitor compliance with frameworks including PCI-DSS, HIPAA, and GDPR across all IT operations.
• Conduct risk assessments and internal audits to identify vulnerabilities and ensure proper mitigation strategies.
• Provide guidance and training to teams on security and compliance best practices.
• Collaborate with cross-functional teams to address security gaps and improve compliance posture.
• Stay updated on emerging regulations and industry trends to proactively address potential compliance issues.
• Serve as a key point of contact during external audits and regulatory reviews.

• Minimum of 6 years of experience in IT security or compliance, with at least 2 years in a leadership or supervisory role
• Strong knowledge of security frameworks and standards such as ISO 27001, NIST, and ITIL
• Deep understanding of regulatory requirements including PCI-DSS, HIPAA, GDPR, etc.
• Solid grasp of the business and operational risks related to non-compliance
• Experience conducting risk assessments, audits, and implementing corrective action plans
• Excellent problem-solving, communication, and stakeholder management skills
• Bachelor's degree in Information Security, Computer Science, Information Technology, or related field (Certifications such as CISM, CISA, or CISSP are a plus)

About the Company

PhilWeb is a publicly listed company and the leading gaming technology provider in the Philippines. It excels in the gaming industry by offering superior and innovative products while maintaining the highest standards of customer service. The company establishes strategic partnerships to ensure a fair, secure, and legal gaming experience for customers. Additionally, PhilWeb fosters a rewarding and dynamic work environment that attracts, retains, and motivates highly competent, passionate, and innovative individuals, delivering above-market value for shareholders.

Job Title: Information Security Manager

Reports To: VP of Information Technology

Job Summary:

The Information Security Manager has the responsibility for managing the day-to-day operations and personnel in-charge of the development and implementation of the organization's various information security programs and will be responsible for all ongoing activities, projects and initiatives that serve to provide appropriate access and protect the confidentiality, integrity and availability of the network, applications, employees, and business information in compliance with organization policies and globally acceptable best practices and standards.

Working closely with the rest of the I.T. group, the 'Infosec Team' helps resolves technical issues pertaining to information security as well as provide human and material resources to complete assigned I.T. projects, initiatives and tasks.

Key Responsibilities:

• Create, maintain, Implement, and enforce an organization wide information security policy.
• Monitors compliance with information security policies and procedures, referring problems to the appropriate department manager
• Provides direct training and oversight to all employees, affiliates, alliances, or other third parties, ensuring proper information security clearance in accordance with established organizational information security policies and procedures
• Initiates, facilitates, and promotes activities to create information security awareness within the organization
• Establish, manage, and perform information security risk assessments and serve as an internal auditor for security issues.
• Periodically review all network and system related security plans of the entire organization.
• Coordinates and inform/update the activities to the VP for Information of Technology
• Coordinates with 3rd party service providers and external organizations for information security requirements
• Advises the organization with current information about information security technologies and related regulatory issues.
• Monitors internal control systems to ensure that appropriate access levels are maintained
• Create, maintain, and implement a comprehensive disaster recovery and business continuity plan covering the vital information technology resources of the organization.
• Make the organization compliant with International Information Security Standards such as ISO and the like.
• Conduct periodic vulnerability assessment of all vital information technology resources and apply appropriate fixes or remedies to close potential risks.
• Manage the entire I.T. Information Security group by providing leadership, guidance, and developing programs and activities that will enhance productivity, increase work efficiency, improve morale, enhance camaraderie, and promote the well-being of each employee.
• Establish and administer the annual information security program budget and determine appropriate spending of the funds for the fiscal year.
• Maintain on-going professional development and obtain relevant education and certification for himself/herself and his/her qualified staff.

Qualifications & Experience:

• At least eight (8) years' experience in a combination of risk management, information security and IT jobs
• Solid communication skills to translate technical jargons to business-related decisions for management and clients
• Knowledge in Information Security Management frameworks
• Knowledge and experience in IT Infrastructure and Development
• Knowledge and experience in IT Operations with focus on IT Security
• Knowledge and experience in Cloud Computing
• Understanding of technologies, trends related to Information Security Management
• Can work independently
• Professional security management certification is an advantage
• Experience in managing organization compliance under ISO 27001 will be an advantage

Education: Bachelor's degree in information technology, Computer Science, Computer Engineering

Working Conditions: Office setting with a possibility of remote work arrangements.

Benefits: Health insurance, life insurance, paid time off, and opportunities for professional development.

Job Level & Salary Range

• Managerial Level
• Competitive salary, commensurate with experience.

We at the Lennor Group, are urgently looking for a Information Security Manager for one of our client

About Lennor Group

As a proud Filipino company, we are committed to providing world-class business and workforce solutions. Our deep market expertise, combined with a global perspective, empowers us to serve businesses of all sizes and industries efficiently.

Our brand, Lennor Metier, is a leading recruitment agency and headhunting firm in the Philippines, partnering with reputable companies to source top talent for direct-hire opportunities. It specializes in IT, Finance, Engineering, Sales & Marketing, Supply Chain, HR, and Executive Search.

Salary Range: Open

Work Setup: Onsite

Shift Schedule: Day Shift

Location: Taguig City

Job Overview

The Information Security Manager is responsible for overseeing the implementation and maintenance of the organization's information security strategy. This role ensures that security policies, procedures, and controls effectively protecting digital assets and aligning with regulatory requirements. The manager works closely with IT, compliance, and business units to manage risks, respond to incidents, and promote a culture of security awareness.

Your Responsibilities:

Security Governance & Strategy

• Develop, implement, and maintain security policies, standards, and procedures.
• Align security initiatives with business objectives and regulatory requirements.
• Support internal and external audits and ensure compliance with frameworks (e.g., ISO 27001, NIST, GDPR).

Risk Management

• Conduct regular risk assessments and vulnerability scans.
• Maintain and update the enterprise risk register.
• Recommend and oversee remediation plans for identified risks.

Security Operations

• Monitor and manage security tools (e.g., SIEM, firewalls, antivirus, DLP).
• Lead incident response efforts and forensic investigations
• Coordinate with IT teams to ensure timely patching and system hardening.

Identity & Access Management

• Oversee user access controls and privilege management.
• Ensure proper implementation of multi-factor authentication (MFA) and role-based access.

Security Awareness & Training

• Develop and deliver security awareness programs for employees.
• Promote best practices and ensure ongoing education on emerging threats. 6. Project & Vendor Security
• Provide security oversight for IT and business projects.
• Review third-party vendor contracts and solutions for security compliance.

What our Client is Looking For:

• A Bachelor's Degree is required with a Master's Degree in cybersecurity, risk management, or IT governance being preferred
• Must possess a strong understanding of security frameworks (ISO 27001, NIST, COBIT)
• Experience with security operations tools and incident response
• Knowledge of cloud security (Azure, AWS, M365)
• Excellent communication and leadership skills
• Ability to manage cross-functional teams and influence stakeholders
• Analytical thinking and decision-making under pressure
• The following certifications are preferred:
• CISM (Certified Information Security Manager) – by ISACA Ideal for managing enterprise security programs.
• CISSP (Certified Information Systems Security Professional) – by (ISC)² Broad coverage of security domains.
• ISO/IEC 27001 Lead Implementer or Auditor – for governance and compliance
• CompTIA Security+ or CySA+ – for foundational and operational security
• CEH (Certified Ethical Hacker) – for threat analysis and penetration testing

Ready to take the next step in your career? Submit your application now

--- We kindly request your patience as we receive a significant number of applications. Rest assured that our team will update your application's status soon. In the meantime, we encourage you to follow our LinkedIn page to stay informed about future opportunities and company updates.

Job Type: Full-time

Pay: Up to Php150,000.00 per month

Benefits:

• Health insurance

Application Question(s):

• Can you start ASAP?
• What is your current basic pay?
• How much is your salary expectation?

Work Location: In person

The Information Security Manager is responsible for overseeing the implementation and

maintenance of the organization's information security strategy. This role ensures that security

policies, procedures, and controls effectively protecting digital assets and aligning with regulatory

requirements. The manager works closely with IT, compliance, and business units to manage

risks, respond to incidents, and promote a culture of security awareness.

Scope of Work:

1. Security Governance & Strategy

 Develop, implement, and maintain security policies, standards, and procedures.

Align security initiatives with business objectives and regulatory requirements.

upport internal and external audits and ensure compliance with frameworks (e.g., ISO

27001, NIST, GDPR).

1. Risk Management

onduct regular risk assessments and vulnerability scans.

aintain and update the enterprise risk register.

ecommend and oversee remediation plans for identified risks.

1. Security Operations

onitor and manage security tools (e.g., SIEM, firewalls, antivirus, DLP).

ead incident response efforts and forensic investigations.

oordinate with IT teams to ensure timely patching and system hardening.

1. Identity & Access Management

versee user access controls and privilege management.

nsure proper implementation of multi-factor authentication (MFA) and role-based

access.

1. Security Awareness & Training

evelop and deliver security awareness programs for employees.

romote best practices and ensure ongoing education on emerging threats.

1. Project & Vendor Security

rovide security oversight for IT and business projects.

eview third-party vendor contracts and solutions for security compliance.

Educational Requirements:

achelor 's Degree in:

o Information Security

o Computer Science

o Information Technology

o Cybersecurity

o Or a related field

referred: Master's Degree or postgraduate coursework in cybersecurity, risk

management, or IT governance

Recommended Certifications:

ISM (Certified Information Security Manager) – by ISACA

Ideal for managing enterprise security programs.

 SP (Certified Information Systems Security Professional) – by (ISC)²

Broad coverage of security domains.

 I IEC 27001 Lead Implementer or Auditor – for governance and compliance

 pTIA Security+ or CySA+ – for foundational and operational security

 (Certified Ethical Hacker) – for threat analysis and penetration testing

Key Skills:

 ong understanding of security frameworks (ISO 27001, NIST, COBIT)

xperience with security operations tools and incident response

nowledge of cloud security (Azure, AWS, M365)

xcellent communication and leadership skills

bility to manage cross-functional teams and influence stakeholders

nalytical thinking and decision-making under pressure

Are you passionate about security and data protection? Do you excel in troubleshooting and optimizing networks? As our IT Security Manager, you will lead the charge in developing and maintaining secure, functional networks while mentoring a team of engineers. Join us and play a key role in protecting our digital infrastructure and ensuring peak network performance.

Key Responsibilities

• Design and deploy functional networks (LAN, WLAN, WAN).
• Configure and install software, servers, routers, and other network devices.
• Monitor and optimize network performance and integrity.
• Troubleshoot escalated issues in cloud and local infrastructure.
• Automate tasks and assess their effectiveness.
• Mentor team members to strengthen technical expertise.
• Oversee and test security measures, including access authentication and disaster recovery.
• Maintain comprehensive technical documentation.
• Recommend and implement improvements to enhance network performance and scalability.
• Communicate effectively with users to address technical concerns.

Key Qualifications

• At least 3 years of professional experience in Information and IT Security.
• Strong knowledge of ISMS and IT security processes.
• Experience working in a multinational company.
• Exceptional communication and analytical skills.
• Proven ability to work independently and with minimal supervision.
• Willingness to work on-site at our Head Office in the Bicol Region.

Why Join Us?

At our company, you'll work in a collaborative, forward-thinking environment where your expertise will help shape a secure, scalable future.

The Global Information Security Manager is responsible for governance, compliance, risk assessment, and awareness in local ISO and participates in other regional ISO support, which includes Singapore, Malaysia, Indonesia, Thailand, Vietnam and India.

Main Duties and Responsibilities:

• Handling Information Security Management, address the information security threats and incidents and drive remediation.

• In conjunction with the Legal team Identify information management and protection laws and regulations and implement actions to ensure compliance with relevant information management

and protection laws.

• Identify, track and oversee internal and external compliance and regulatory requirements (PCI, Data Privacy, etc.) for the organization including compliance with established policies, procedures, standards, baselines and controls.

• Maintain an information management and protection framework for an effective company-wide governance programme.

• Manage information security awareness programs and provide training to all staff on a basis.

• Manage day-to-day security activities, including conducting vendor security assessment, privacy security assessment, implementing company policies, and communication related to the information security programme.

• Manage and Support the Information Security requirements across different BUs.

• Support other local ISO members in different regions as a regional ISO team member.

QUALIFICATIONS

Technical skills:

• Minimum 8 to 12 years of experience in information security governance, risk and compliance.

• Strong knowledge and Experience in information risk assessment and compliance needs.

• Strong knowledge and Experience in information security frameworks.

• Strong knowledge and Experience in applicable laws, regulations, and standards relating to security and data privacy.

• Good understanding of information security governance frameworks such as ISO27001 (and ISO27701 framework, etc.,)

• Understanding and ability of risk analysis for cyber threats. (Preferred)

• Other technical and/or security certifications preferred. (e.g. CISA, CISM, CISSP, SANS, GIAC, etc.) (Preferred).

Knowledge, skills and abilities:

• Educational Background: BS or MS degree in IT, Security or Computer Science.

• Excellent communication skills.

• Ability to multitask, prioritize work effectively and manage tasks/projects to completion.

• Ability to to work independently and within a team environment.

• Highly motivated and strong sense of responsibility and ownership.

• Language Proficiency Level: Excellent Communication Skills in English.

• Ability to make Business Process Analysis.

The
Global ISO Manager
is responsible for governance, compliance, risk assessment, and awareness in local ISO and participates in other regional ISO support, which includes Singapore, Malaysia, Indonesia, Thailand, Vietnam and India.

Main Duties and Responsibilities:

• Handling Information Security Management, address the information security threats and incidents and drive remediation.
• In conjunction with the Legal team Identify information management and protection laws and regulations and implement actions to ensure compliance with relevant information management and protection laws.
• Identify, track and oversee internal and external compliance and regulatory requirements (PCI, Data Privacy, etc.) for the organization including compliance with established policies, procedures, standards, baselines and controls.
• Maintain an information management and protection framework for an effective company-wide governance programme.
• Manage information security awareness programs and provide training to all staff on a basis.
• Manage day-to-day security activities, including conducting vendor security assessment, privacy security assessment, implementing company policies, and communication related to the information security programme.
• Manage and Support the Information Security requirements across different BUs.
• Support other local ISO members in different regions as a regional ISO team member.

QUALIFICATIONS

Technical skills:

• Minimum 8 to 12 years of experience in information security governance, risk and compliance.
• Strong knowledge and Experience in information risk assessment and compliance needs.
• Strong knowledge and Experience in information security frameworks.
• Strong knowledge and Experience in applicable laws, regulations, and standards relating to security and data privacy.
• Good understanding of information security governance frameworks such as ISO27001 (and ISO27701 framework, etc.,)
• Understanding and ability of risk analysis for cyber threats. (Preferred)
• Other technical and/or security certifications preferred. (e.g. CISA, CISM, CISSP, SANS, GIAC, etc.) (Preferred).

Knowledge, skills and abilities:

• Educational Background: BS or MS degree in IT, Security or Computer Science.
• Excellent communication skills.
• Ability to multitask, prioritize work effectively and manage tasks/projects to completion.
• Ability to to work independently and within a team environment.
• Highly motivated and strong sense of responsibility and ownership.
• Language Proficiency Level: Excellent Communication Skills in English.
• Ability to make Business Process Analysis.

Job Summary:

The IT Info security Manager is responsible for developing, maintaining, and optimizing IT processes, policies, and documentation to enhance operational efficiency, ensure regulatory compliance, and support knowledge management within the organization. This role involves collaborating with IT teams, business units, and compliance officers to standardize workflows, improve IT governance, and ensure clear and accessible documentation.

Key Responsibilities:

1. Compliance & Regulatory Adherence

2. Ensure IT processes comply with legal, regulatory, and industry standards

3. Conduct IT audits, risk assessments, and policy reviews to identify gaps and enforce compliance

4. Collaborate with security and compliance teams to align IT operations with governance frameworks.

5. Process Development & Optimization

6. Design, implement and refine IT processes to align with industry standards (eg. ITIL, ISO 27001, etc)

7. Develop workflows to improve IT service delivery, change management, and incident resolutions.

8. Conduct regular reviews and updates to optimize IT procedures and policies.

9. IT Documentation Management

10. Create, maintain, and refine IT policies, procedures, user manuals, and technical documentation

11. Ensure technical documentation is clear, accurate, and accessible for IT teams and stakeholders

12. Manage IT knowledge bases, wikis, and documentation repositories.

13. Collaboration & Training

14. Work closely with IT, business, and compliance teams to document and improve workflows

15. Train IT staff and end-users on IT policies, procedures, and best practices.
16. Act as point of contact for IT documentation inquiries and process-related improvements.

Key Qualifications:

Education: Bachelor's degree in any of the following:

• Information Technology (IT) or Information Systems - covers IT documentation, compliance, IT governance/management and business process.
• Computer Science - strong foundation in software, security, and technical documentation
• Business Administration (with IT or Compliance focus) - combines business processes with IT governance.

Related Degree (a plus):

• Legal Studies (with IT Law Focus) - regulatory frameworks and industry-specific compliance requirements (ITIL, ISO 27001, etc.)
• Library and Information Science - Managing and structuring technical information
• Technical Writing - Ideal for IT documentation and regulatory compliance
• Regulatory Affairs - specialized in compliance, laws, and industry regulations.

Experience:

• Minimum of 3-5 years experience in IT compliance management, IT documentation management, regulatory affairs with proven task record in compliance initiatives.
• Experience in preparing and submitting regulatory documents and interacting with global IT standardization institutions IT security frameworks and government agencies.
• Experience with IT regulations and certifications (ISO 27001, etc.)

Skills:

• Strong knowledge of IT regulatory/governance frameworks and industry-specific compliance requirements (ITIL, ISO 27001, etc.)
• Proficient in document management systems and regulatory software (eg. Confluence, SharePoint, Wiki Platforms, Microsoft Office, Flowcharts)
• Excellent organizational, communication, and project management skills
• Analytical mindset with the ability to assess data, trends, and performance metrics.
• Ability to lead cross-functional teams and manage complex projects.

Certifications (At least one of the ff:)

ITIL, ISO 27001, Certified Lean Six Sigma (CLSS), Certified Manager of Quality/Organizational Excellence (CMQ/OE), Certified Business Process Professional (CBPP), Certified Professional in Business Process Management (CPBPM), Project Management Professional (PMP) Certification, Total Quality Management (TQM) certification or its equivalent.

Work Environment:

Office based with occasional travel required for site visits, regulatory meetings, or industry events

Collaborative work with multiple departments and stakeholders

Engaging in various task that require both independent and team-driven efforts.