262 Security Compliance jobs in the Philippines

Company Description

Converge ICT Solutions, Inc. is a leading broadband service and technology provider in the Philippines, offering fast and reliable pure fiber internet connectivity. With a vast national fiber optic network spanning over 710,000 kilometers, Converge ICT Solutions provides high-quality network connectivity and security solutions to enterprise organizations.

Role Description

This is a full-time on-site role for an Information Security Compliance Officer located in Pasig.
The position assists the Data Privacy and Information Security Compliance Department in ensuring that Converge complies with applicable information security standards, as well as data privacy and data protection laws and regulations. The Information Security Compliance Officer develops and maintains the necessary policies and procedures, conducts awareness training programs, implements applicable security measures, conducts audit, monitoring and testing of internal controls and manages third-party risks.

Qualifications

• College Graduate of any course
• Bachelor's degree in Information Technology or any course with a minimum of three (3) years in experience in Information Security and Information Technology Compliance, IT Audit, Risk Management and Project Management.

Areas of Responsibility:

Compliance Monitoring

Ensure continued compliance (and certification as necessary) with ISO 27001 standards and the NIST CSF Framework and applicable data protection laws and regulations

Develop, maintain, implement, cascade and review Information Security policies and procedures, operating manuals, memorandums, etc.,

Information Security Audit and Monitoring

Acts as the point person for internal and external information security audit.

Conducts periodic review of the organization's cybersecurity posture and communicates any audit observations with relevant stakeholders and key business units to ensure resolution on the agreed timeline.

Awareness Training

Develop and implement information security awareness training program, which include but is not limited to (1) Annual Information Security Awareness, (2) Phishing Simulations, (3) Cascade of important matters relevant to information security, (4) creates and maintain info-awareness materials.

Third-Party Risk

Supports the organization in reviewing and making recommendations on agreements or contracts to ensure safety and security of company confidential information.

Role Description

This is a full-time on-site role for an Information Security Compliance Officer located in Pasig. The position assists the Data Privacy and Information Security Compliance Department in ensuring that Converge complies with applicable information security standards, as well as data privacy and data protection laws and regulations. The Information Security Compliance Officer develops and maintains the necessary policies and procedures, conducts awareness training programs, implements applicable security measures, conducts audit, monitoring and testing of internal controls and manages third-party risks.

Qualifications

• College Graduate of any course
• Bachelor's degree in Information Technology or any course with a minimum of three (3) years in experience in Information Security and Information Technology Compliance, IT Audit, Risk Management and Project Management.

Areas of Responsibility:

• Compliance Monitoring
• Ensure continued compliance (and certification as necessary) with ISO 27001 standards and the NIST CSF Framework and applicable data protection laws and regulations
• Develop, maintain, implement, cascade and review Information Security policies and procedures, operating manuals, memorandums, etc.,

Information Security Audit and Monitoring

• Acts as the point person for internal and external information security audit.
• Conducts periodic review of the organization's cybersecurity posture and communicates any audit observations with relevant stakeholders and key business units to ensure resolution on the agreed timeline.

Awareness Training

• Develop and implement information security awareness training program, which include but is not limited to (1) Annual Information Security Awareness, (2) Phishing Simulations, (3) Cascade of important matters relevant to information security, (4) creates and maintain info-awareness materials.

Third-Party Risk

• Supports the organization in reviewing and making recommendations on agreements or contracts to ensure safety and security of company confidential information.

Job Type: Full-time

Application Question(s):

• What is your expected salary?

Work Location: In person

Job Description
*About TaskUs: *
TaskUs is a provider of outsourced digital services and next-generation customer experience to fast-growing technology companies, helping its clients represent, protect and grow their brands. Leveraging a cloud-based infrastructure, TaskUs serves clients in the fastest-growing sectors, including social media, e-commerce, gaming, streaming media, food delivery, ride-sharing, HiTech, FinTech, and HealthTech.

The People First culture at TaskUs has enabled the company to expand its workforce to approximately 45,000 employees globally. Presently, we have a presence in twenty-three locations across twelve countries, which include the Philippines, India, and the United States.

It started with one ridiculously good idea to create a different breed of Business Processing Outsourcing (BPO) We at TaskUs understand that achieving growth for our partners requires a culture of constant motion, exploring new technologies, being ready to handle any challenge at a moment's notice, and mastering consistency in an ever-changing world.

*What We Offer: *
At TaskUs, we prioritize our employees' well-being by offering competitive industry salaries and comprehensive benefits packages. Our commitment to a People First culture is reflected in the various departments we have established, including Total Rewards, Wellness, HR, and Diversity. We take pride in our inclusive environment and positive impact on the community. Moreover, we actively encourage internal mobility and professional growth at all stages of an employee's career within TaskUs. Join our team today and experience firsthand our dedication to supporting People First.

What can you expect in a Security Compliance Manager role with TaskUs:
Think of yourself as someone who will be responsible for all aspects of Information Security Management and Cyber risk management, ensuring the integrity, confidentiality, and availability of information, networks and systems. You will establish and execute a multi-year strategic implementation roadmap for information security aligned with corporate business strategies and global IT strategy.

Imagine yourself going to work with one thing on your mind: that you will develop, maintain, publish and enforce up to date information security and physical security policies, procedures, standards, and guidelines.

Key Responsibilities

• Manage all enterprise security compliance requirements and Certifications, including PCI DSS, SOC 2, HIPAA/HITRUST, and multiple ISO standards including the base This will include serving as primary audit liaison, compiling all evidence/documentation requests, and reporting on the progress of audits to InfoSec and IT leadership.
• Lead the Client Audit from an Auditee perspective and coordinate with all internal teams to align on the client audit processes. Provide all inputs, justification and documents required to the client auditors and ensure all requirements are completed and fulfilled well on time.
• Owns the development and implementation of a corporate security & compliance awareness program. Develops training and awareness efforts for employees, contractors, and visitors to establish a "culture of security" to prevent or mitigate security incidents. Creates and propagates security awareness and training programs among employees.
• Conducts research on emerging practices, services, protocols, and standards in support of system security and compliance enhancement and development efforts.
• Ensures security compliance with applicable regulations and other state and federal laws. Keeps current on US and PH laws and industry data privacy and security regulations.
• Assist in developing and maintaining security operations procedures and processes, as well as working with business units outside of InfoSec to formally document policies and procedures.
• Recommends and supports deployment of additional security products and tools, or enhancements to existing tools, to mitigate security risk and detect/remediate compromises.
• Work with security engineers for the optimal configuration of network and host-based security platforms in line with compliance requirements.
• Provide Incident Response support as needed in response to information security-related events. In the event of security incident response, participate in the analysis, troubleshooting, and investigation of security-related information systems anomalies based on security platform reporting, network traffic, log files, and host-based and automated security alerts.
• Have good experience in Data Governance and Business Impact Analysis (BIA).
• Evaluate systems using vulnerability scanners and manual techniques to verify system security settings and configurations.
• Participate in DRP exercises and continuous improvement processes. Assists in designing and implementing disaster recovery and business continuity plans, procedures, audits, and enhancements.
• Performs other duties as assigned.

Required Qualifications

• At least 8 years of experience in a combination of Information security, risk management, and IT jobs (preferably in a BPO environment)
• Has 5 years of experience as a Manager of IT security with a job history demonstrating increasing levels of responsibility
• Proven track record and experience in developing security policies, procedures, and standards while successfully executing security projects
• Experience with information security frameworks such as COBIT, COSO, ITIL, is needed.
• Has knowledge and understanding of relevant legal and regulatory requirements, including requirements of PCI DSS, ISO 2700x, SOC 2, HIPAA/HITRUST, Data Protection.
• Knowledgeable on security issues, techniques and implications across the whole IT Infrastructure
• Proficient in performing enterprise risk, business impact, and vulnerability assessments and defining risk mitigation strategies
• With a strong understanding of the business impact of security tools, technologies and policies
• Ability to develop and articulate a compelling business case for recommended actions
• Direct experience in the Vulnerability Scanning and Penetration Testing process and other relevant software tools is a plus
• Strong project management and leadership skills
• Strong problem-solving skills with well-organized and structured work habits
• Demonstrated the ability to manage several projects simultaneously while meeting strict deadlines and objectives
• Excellent verbal and written communication skills with the ability to communicate security concepts to both technical and non-technical audiences at all levels
• Excellent interpersonal and collaboration skills with the ability to function well in a team or independently
• Ability to lead and motivate cross-functional teams to achieve strategic goals
• Has poise and has the ability to maintain composure in high-stress situations

Education / Certifications

• BS degree in Computer Science, Engineering or equivalent work experience; an M.B.A. or M.S. in information security is a plus with CISA and/or CISSP Certifications.

Work Location / Work Schedule / Travel:

• TBD

*How We Partner To Protect You: *
TaskUs will neither solicit money from you during your application process nor require any form of payment in order to proceed with your application. Kindly ensure that you are always in communication with only authorized recruiters of TaskUs.

*DEI: *
In TaskUs we believe that innovation and higher performance are brought by people from all walks of life. We welcome applicants of different backgrounds, demographics, and circumstances. Inclusive and equitable practices are our responsibility as a business. TaskUs is committed to providing equal access to opportunities. If you need reasonable accommodations in any part of the hiring process, please let us know.

We invite you to explore all TaskUs career opportunities and apply through the provided URL
.
TaskUs is proud to be an equal opportunity workplace and is an affirmative action employer. We celebrate and support diversity; we are committed to creating an inclusive environment for all employees. TaskUs people first culture thrives on it for the benefit of our employees, our clients, our services, and our community.

Req Id: R_2508_10506_1

Posted At: Fri Aug :00:00 GMT+000 (Coordinated Universal Time)

Elevate is recruiting anIT Security Compliance Managerto join our high-performing team, serving as the central liaison between the Sales, Legal, IT, and BUs, guaranteeing compliance and precision in all client-facing documentation. We provide consulting, technology, and services to law departments and law firms, offering practical ways to improve efficiency, quality, and business outcomes. 

You are driven, smart, flexible, and enjoy a fast-paced, team-oriented environment, where you can succeed and learn while making a dent in the legal universe.

Specifically, the IT Security Compliance Manager will

I. Proposal Management (RFP, RFI, RFQ)

This section incorporates the core duties of a traditional RFP Manager:

• Project Leadership: Establish, drive, and enforce strict timelines and workflows for all proposal submissions, ensuring on-time and compliant delivery.
• Content Coordination: Act as the primary contact for subject matter experts (SMEs) across departments (e.g., IT, Finance, Legal, Sales) to gather, write, and review content.
• Content Library Management: Maintain, update, and audit the centralized repository of standard proposal and security-related content for accuracy and efficiency.
• Strategy & Review: Work with Sales and Leadership to identify win themes, review drafts, and edit final submissions for clarity, persuasiveness, and adherence to client specifications.

II. Security and Compliance

This section covers the specialized security and audit requirements:

• Security Questionnaire Response: Manage the end-to-end process of responding to complex customer security, vendor due diligence, and risk assessment questionnaires (e.g., SIG, CAIQ).
• ISO 27001 Audit Support: Serve as a key resource during internal and external ISO 27001 audits, assisting with documentation, evidence collection, control verification, and ensuring adherence to the ISMS (Information Security Management System).
• Compliance Communication: Translate complex security controls, policies, and compliance standards (like ISO 27001, SOC 2, HIPAA, etc.) into clear, concise, and accurate language for proposals and client questionnaires.
• Evidence Collection: Maintain a clear, accessible repository of security and compliance evidence for rapid insertion into RFPs and security audits.
• Assist BU's and Functions in ensuring compliance to Elevate security certifications are met.

III. Mentoring/Coaching

• Train junior members of the team to achieve their full potential as an InfoSec resource.

Experience

• Proven experience managing the full RFP response lifecycle.
• Demonstrable experience managing ISO 27001 audits.
• Expertise in information security concepts, terminology, and common security frameworks.
• SOC2 Type 2 and HIPAA experience a plus

Skills for Success

• Exceptional project management, organizational, and technical writing skills

Technical Skills

• ISO 27001 certification

Qualifications

• Bachelor's degree in Computer science/ Information technology

Company Information

Elevate is a law company. We provide software and services for the intersection of business and law. Our legal, business, and technology professionals offer practical ways for global law departments and law firms to improve efficiency, quality, and business outcomes.

Our most recent achievements and distinctions include:

• Certified as one of the UK's Best Workplaces for Development 2025 by Great Place to Work
• Certified as a Great Place to Work 2025 in the US, UK, India, and Philippines
• For the tenth consecutive year, in 2025, Chambers & Partners named Elevate as a Top global services provider, ranking us as Band 1 (highest ranking) in all applicable categories (Contract Lifecycle Management, Litigation Services, and Flexible Legal Staffing) and as an Alternative Legal Service Provider in Asia-Pacific
• Newsweek named Elevate one of 'America's Greatest Workplaces in Professional Services' for 2025 and previously awarded it the highest rating in the 'America's Greatest Workplaces for Diversity' and 'America's Greatest Workplaces for 2024' lists
• For the fourth year in a row, Elevate's integrated law firm is designated as a top law firm in Commercial Litigation in the 2024 edition of Best Lawyers/US News & World Report Best Law Firms
• Elevate named a top ALSP in Asia by Thomson Reuters' Asian Legal Business in 2024
• Winner, Inc. 5000 Fastest-Growing Private Companies: 2022, 2021, 2020, 2018, 2017, and 2016

Learn more at   

See more jobs at

Follow us on social media  

Follow our Flexible Legal Resourcing Community

The position is primarily responsible for implementing and monitoring cybersecurity compliance programs, security controls, and policies to ensure the organization meets regulatory and legal requirements. The position is also responsible for supporting audits, conducting risk assessments, and coordinating with internal and external stakeholders to uphold cybersecurity standards.

Duties And Responsibilities

• Executes compliance programs and monitors adherence to established cybersecurity controls, frameworks, and policies.
• Performs regular internal audits and supports external audit activities to assess conformity with cybersecurity policies and regulatory requirements. Documents findings and assists in remediation planning.
• Collaborates with legal, risk, and compliance teams to understand regulatory impacts and ensure cybersecurity practices align with business and legal requirements.
• Reviews vendor and contractor agreements to verify inclusion of appropriate cybersecurity clauses. Ensures third-party adherence to security standards and data protection requirements.
• Assists in validating incident response actions to ensure they meet regulatory obligations
• Helps prepare breach notifications and ensures timely reporting as required by law.
• Prepares and maintains records of audit results, compliance activities, and regulatory communications for internal and external stakeholders.

Requirements

• Bachelor's degree in Cybersecurity, Information Security, Computer Science, Information Technology, or a related field
• Preferred certifications: CISA, CISM, CISSP, ISO 27001 Lead Implementer/Auditor, PCI-DSS, or other relevant cybersecurity compliance certifications
• Minimum of 3 years of relevant experience in cybersecurity compliance, audit, or risk assessment.
• Experience in conducting internal audits, preparing compliance documentation, and supporting regulatory reporting
• Exposure to working with cross-functional teams (legal, risk, IT)
• Familiarity with SOC 2 compliance and audit processes

Key Responsibilities:

• Assist in monitoring and reviewing compliance processes and documentation.
• Support the implementation of data protection and security guidelines.
• Conduct routine checks to ensure adherence to company policies and regulatory requirements.
• Assist in preparing reports and maintaining compliance records.
• Collaborate with cross-functional teams to address compliance-related issues.
• Stay updated on compliance regulations and industry best practices.

Qualifications:

• Bachelor's degree in Business, Information Technology, or a related field (or equivalent work experience).
• Strong attention to detail and organizational skills.
• Good analytical and problem-solving abilities.
• Proficient in MS Office (Excel, Word, PowerPoint).
• Strong written and verbal communication skills.

• Ability to work independently and as part of a team.

• Knowledge of compliance standards such as ISO, SOC, GDPR, or data privacy regulations.

• Relevant certifications is a plus but not required (e.g., ISO 27001, CIPP, CISA, or other compliance-related certifications).
• Willing to work in Alabang, Muntinlupa Site.

The position is primarily responsible for implementing and monitoring cybersecurity compliance programs, security controls, and policies to ensure the organization meets regulatory and legal requirements. The position is also responsible for supporting audits, conducting risk assessments, and coordinating with internal and external stakeholders to uphold cybersecurity standards.

DUTIES AND RESPONSIBILITIES:

• Executes compliance programs and monitors adherence to established cybersecurity controls, frameworks, and policies.
• Performs regular internal audits and supports external audit activities to assess conformity with cybersecurity policies and regulatory requirements. Documents findings and assists in remediation planning.
• Collaborates with legal, risk, and compliance teams to understand regulatory impacts and ensure cybersecurity practices align with business and legal requirements.
• Reviews vendor and contractor agreements to verify inclusion of appropriate cybersecurity clauses. Ensures third-party adherence to security standards and data protection requirements.
• Assists in validating incident response actions to ensure they meet regulatory obligations
• Helps prepare breach notifications and ensures timely reporting as required by law.
• Prepares and maintains records of audit results, compliance activities, and regulatory communications for internal and external stakeholders.

REQUIREMENTS:

• Bachelor's degree in Cybersecurity, Information Security, Computer Science, Information Technology, or a related field
• Preferred certifications:
   CISA, CISM, CISSP, ISO 27001 Lead Implementer/Auditor, PCI-DSS, or other relevant cybersecurity compliance certifications
• Minimum of 3 years of relevant experience in cybersecurity compliance, audit, or risk assessment.
• Experience in conducting internal audits, preparing compliance documentation, and supporting regulatory reporting
• Exposure to working with
  cross-functional teams
  (legal, risk, IT)
• Familiarity with SOC 2 compliance and audit processes
• Willing to work in Makati

The position is primarily responsible for implementing and monitoring cybersecurity compliance programs, security controls, and policies to ensure the organization meets regulatory and legal requirements. The position is also responsible for supporting audits, conducting risk assessments, and coordinating with internal and external stakeholders to uphold cybersecurity standards.

DUTIES AND RESPONSIBILITIES:

• Executes compliance programs and monitors adherence to established cybersecurity controls, frameworks, and policies.
• Performs regular internal audits and supports external audit activities to assess conformity with cybersecurity policies and regulatory requirements. Documents findings and assists in remediation planning.
• Collaborates with legal, risk, and compliance teams to understand regulatory impacts and ensure cybersecurity practices align with business and legal requirements.
• Reviews vendor and contractor agreements to verify inclusion of appropriate cybersecurity clauses. Ensures third-party adherence to security standards and data protection requirements.
• Assists in validating incident response actions to ensure they meet regulatory obligations
• Helps prepare breach notifications and ensures timely reporting as required by law.
• Prepares and maintains records of audit results, compliance activities, and regulatory communications for internal and external stakeholders.

REQUIREMENTS:

• Bachelor's degree in Cybersecurity, Information Security, Computer Science, Information Technology, or a related field
• Preferred certifications: CISA, CISM, CISSP, ISO 27001 Lead Implementer/Auditor, PCI-DSS, or other relevant cybersecurity compliance certifications
• Minimum of 3 years of relevant experience in cybersecurity compliance, audit, or risk assessment.
• Experience in conducting internal audits, preparing compliance documentation, and supporting regulatory reporting
• Exposure to working withcross-functional teams(legal, risk, IT)

• Familiarity with SOC 2 compliance and audit processes

• Willing to work in Makati

"We proudly celebrate diversity. We are committed to promoting inclusion in our workplace. We consider all applicants for employment based on the qualification required for the role."

• Lead the design, implementation, operation and maintenance of the Information Security Management System based on standards, including certification when required
• Maintain information security standards and procedures in compliance with risks assessments and current business requirements.
• Act as an internal consulting resource on information security issues.
• Facilitate the information security risk assessments
• Review compliance with the information security policy and associated procedures on ongoing basis via monitoring tools and report from annual security audit to the CIO and other stakeholders
• Coordinate and be active in information security efforts within and across various business units, and cooperate with the IT, HR, legal, financial, and executive offices
• Provide periodic reporting on information security issues to CIO and management and to the information security Steering Committee
• Coordinate security orientation and security awareness programs
• Cooperation with third parties providing outsourced IT security services, e.g. e-mail anti-virus and anti-spam, firewalls, intrusion detection/prevention system, etc.
• Co-ordinate responses to Information security events
• Ensuring adequate security for existing and new information systems
• Maintain awareness of changes in the industry and propose recommendations to improve the organization's computer systems
• Facilitates the configuration of network intrusion detection and prevention sensors and other information security monitoring infrastructure.
• Collects, assesses, and reports upon relevant threat intelligence / actionable security information and appropriately modifies tactical operations
• Performs analysis and response to Tier I & II security relevant alerts and events
• Assesses network traffic patterns and session data for indicators of malicious activity with assistance
• Plays a strong supporting role in prompt and effective response to information security incidents
• Performs operational assessment, prioritization, and remediation of enterprise vulnerabilities and exposures
• Supports of forensic investigations and penetration testing activity
• Assists with executing remediation plans for any gaps reported in audits or recommended process improvements that effect core information security services
• Orchestrates network security efforts between operations and application support groups while working with both full time and contractor/consultant resources
• Perform other duties as assigned

People and Development

• Demonstrates and reinforces the leadership behaviours and basic people skills minimum necessary to gain commitment form subordinates.
• Manages, motivates, and evaluates the IT assigned team, including recruiting, retaining, developing and coaching.
• Communicates and implements corporate policies and procedures.
• Interest and willingness to mentor junior team members

Qualifications:

• At least 3 years of professional experience in Information and IT Security
• Knowledge of ISMS and IT Security processes
• Experience in working in a multinational company
• Ability to identify the work required and organize, facilitate and / or perform the work with only minimal guidance from IT leadership management.
• Excellent communication skills
• Excellent analytical skills
• Amenable to work in Head Office (Bicol Region)

Educational Qualifications

• Bachelor's Degree in Computer Engineering, Bachelor's degree in MIS / Business / IT or a similar subject with strong exposure to information technology

Job Experience

• At least five 5 years of related experience or in a similar capacity

Licenses and Certifications

• Related Certification is a plus

Job Type: Full-time

Work Location: In person