204 Security Design jobs in the Philippines

As the
AVP for Internal Audit and Regulatory Response,
you will help sustain the operational requirements of the Security and Architecture Group (SAG) - MNL Governance, Risk and Compliance, including the Audit and Controls Assurance function. Currently, these responsibilities are being handled full-time by one person and part-time by the SAG MNL Head. With the addition of a new permanent staff member, we are expanding our capacity to focus more deeply on regulatory compliance and advisory efforts.

How You'll Make an Impact

• Assists the Cybersecurity Manager in preparing regular reports to Management, including internal controls assessments, analysis of newly released Information Security or Cybersecurity regulations, and policy compliance with Head Office and regional standards for the MNL Branch.
• Supports in monitoring control programs and remediation activities and help coordinate internal and external system and information security audits.
• Help maintain IS policies and procedures and assist in administering reviews related to overall system security compliance programs.
• Conduct assessments to identify potential risk and root causes of ineffective IS controls and provide actionable recommendations for resolution.
• Perform other duties as assigned by GPAPD Management and Cybersecurity Manager, as needed.

What Sets You Apart

• Graduate of Computer Science, Accountancy, or related course
• Solid understanding and hands-on experience with Identity Access Management (IAM)
• Brings at least 5 years of experience in Information Security, Technology Risk, or Operational Risk
• Upholds ethical business practices, doing the right thing while ensuring full compliance with internal controls and legal/regulatory standards
• Strong problem-solving skills and can adapt quickly when demands and priorities shift
• You use relevant information to make sound, informed recommendations
• You collaborate well with others and communicate effectively across teams and cultures
• You're open-minded and flexible in your interactions with others
• You have a good aptitude for learning and mastering new technology
• Oral and written communication skills are clear, professional, and effective

OPENTEXT - THE INFORMATION COMPANY

OpenText is a global leader in information management, where innovation, creativity, and collaboration are the key components of our corporate culture. As a member of our team, you will have the opportunity to partner with the most highly regarded companies in the world, tackle complex issues, and contribute to projects that shape the future of digital transformation.

AI-First. Future-Driven. Human-Centered.

At OpenText, AI is at the heart of everything we do—powering innovation, transforming work, and empowering digital knowledge workers. We're hiring talent that AI can't replace to help us shape the future of information management. Join us.

The Opportunity:

The Manager, Security Operation Center is a member of the Information Protection Center team reporting to the Sr. Manager, Information Security. This position works across Corporate and Production teams to ensure the successful implementation of security tools, services, and technology. The Security operations center manager provides oversight and management of the SOC including security operations management and security incident response, incident detection and analysis, containment, and eradication of cybersecurity incidents. This position will manage resources, priorities, and internal projects, and manage the team directly when responding to business-critical security incidents. Ideally, this role will 8-5pm eastern standard time.

You Are Great At:

• Defining, managing, and implementing a comprehensive SOC service
• Be a leader in the expansion and growth of the SOC
• Lead the response to significant Security incidents, ensuring the SOC teams effective response
• Collaborate with client technical teams for issue resolution and mitigation
• Organizing and prioritizing assessments of security controls and services to ensure accurate coverage reporting and identification of coverage gaps
• Review personnel resources daily to assess workload and quality of work
• Coordinate with Incident Response, Threat Intelligence and Threat Hunting teams to create post-incident feedback loop to educate SOC analysts and enhance detection capability
• Implementing tools and processes to automate and visualize security metrics, reporting, and dashboards for varying audiences
• Develop and maintain Standard Operating Procedures for security analyst roles and responsibilities
• Interfacing with internal audit and compliance teams to produce required security artifacts
• Overseeing technical coordination/project management for security initiatives, projects, and integration of security tools and services
• Coordinating risk assessments for requested deviation to security policy/controls
• Security monitoring, managing security cases& tickets, security incident analysis, and other security tasks.
• Responding to incidents varying from endpoint to server systems
• Researching security advisories, e.g., CERT, and delivering appropriate course of action
• Creating documentation to ensure all team members can perform required tasks
• Creating meaningful and detailed metrics based on security events or activities
• Collecting evidence and artifacts to meet compliance requirements (ISO, SOX, HIPAA, SOC, etc.)
• Optimizing day-to-day shift resources and needs
• Ensuring appropriate staffing and coverage for assigned shifts
• Managing and communicating up effectively to leadership regarding staffing needs, events that occurred, etc

What It Takes:

• Creating and refining metrics to articulate and measure SOC performance.
• Knowledge and experience managing a SOC and security operations
• Experience in a delivery, operational or security program management role and previous experience in a leadership or supervisory role
• Demonstrated experience generating metrics to measure service and program effectiveness
• Understanding of compliance frameworks, like PCI, ISO 27001, NIST, etc.
• Excellent analytical skills, troubleshooting and problem solving
• Must be able to work in a fast paced and changing environment while handling multiple tasks, priorities, and directives. Capable of working under pressure.
• Excellent English writing and verbal communication skills
• BS in Computer Science, Cyber Security, or Information Security preferred
• 7+ years of information security experience
• 4+ years of experience working in a Security Operations Center
• 3+ years of experience managing a Security Operations Center
• CISSP, CISA, CISM, or other industry certifications preferred

OpenText's efforts to build an inclusive work environment go beyond simply complying with applicable laws. Our Employment Equity and Diversity Policy provides direction on maintaining a working environment that is inclusive of everyone, regardless of culture, national origin, race, color, gender, gender identification, sexual orientation, family status, age, veteran status, disability, religion, or other basis protected by applicable laws.

If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please contact us Our proactive approach fosters collaboration, innovation, and personal growth, enriching OpenText's vibrant workplace.

Responsibilities:

• Actively monitor, detect, and respond to security alerts and incidents per defined SLA.
• Incidents are acknowledged and responded to within the agreed response SLO
• Perform alert triage and analysis including asset and custodian identification, reputational checking, and alert validation
• Perform containment and eradication within the agreed response SLO
• Ensures resolution of incidents within the defined SLOs
• Utilize IR toolsets such as ServiceNow, EAS, IPS, WAF, NAC, Firewall etc
• Timely submission of Operational Performance reports/dashboards/value reports for consumption of management

Qualifications:

• Bachelor's degree of Information Technology, Computer Science, Computer Engineering
• At least 1-2 years' work experience in Incident Response
• Knowledgeable in Security Monitoring and Service Management Tools

Details:
Job Description

A Information Security Analyst, also known as a Security Incident Responder, is responsible for identifying, investigating, and responding to security incidents within an organization. Their primary role is to protect information systems and data from threats such as cyberattacks, breaches, and unauthorized access.

Key Responsibilities Include:

• Monitoring security alerts and network activity to identify potential incidents or threats.
• Investigating anomalies and determining the nature and scope of security incidents.
• Responding rapidly to security incidents, containing threats, eradicating malicious activity, and recovering affected systems.
• Conducting digital forensics and root cause analysis to understand how an incident occurred.
• Documenting incidents, actions taken, and lessons learned to improve future response efforts.
• Collaborating with IT, legal, and compliance teams to ensure proper response and reporting.
• Developing and updating incident response plans, playbooks, and security procedures.
• Staying up-to-date with the latest cyber threats, vulnerabilities, and best practices.

Cybersecurity responders play a critical frontline role in defending organizations against ever-evolving cyber threats, helping minimize damage and ensuring business continuity.

Job Requirements

Details:

• 2-3 years of proven experience in Security Incident Response within a professional environment
• Strong knowledge of major operating systems, including Windows, Linux, and macOS
• In-depth understanding of network protocols and architectures (such as TCP/IP, DNS, VPN, etc.)
• Demonstrated experience working with Security Information and Event Management (SIEM) tools (e.g., Splunk, Microsoft Sentinel)
• Hands-on expertise in incident detection, analysis, response, and recovery processes
• Ability to conduct root cause analysis and recommend appropriate remediation steps
• Must have at least one recognized security certification
• Familiarity with cybersecurity frameworks and best practices is a plus
• Excellent problem-solving skills, with the ability to work calmly and efficiently under pressure
• Willingness to work in shifting schedules, including nights, weekends, and holidays
• Strong written and verbal communication skills, with the ability to document and convey technical information clearly to various audiences

About the Company

PhilWeb is a publicly listed company and the leading gaming technology provider in the Philippines. It excels in the gaming industry by offering superior and innovative products while maintaining the highest standards of customer service. The company establishes strategic partnerships to ensure a fair, secure, and legal gaming experience for customers. Additionally, PhilWeb fosters a rewarding and dynamic work environment that attracts, retains, and motivates highly competent, passionate, and innovative individuals, delivering above-market value for shareholders.

Job Title: Information Security Manager

Reports To: VP of Information Technology

Job Summary:

The Information Security Manager has the responsibility for managing the day-to-day operations and personnel in-charge of the development and implementation of the organization's various information security programs and will be responsible for all ongoing activities, projects and initiatives that serve to provide appropriate access and protect the confidentiality, integrity and availability of the network, applications, employees, and business information in compliance with organization policies and globally acceptable best practices and standards.

Working closely with the rest of the I.T. group, the 'Infosec Team' helps resolves technical issues pertaining to information security as well as provide human and material resources to complete assigned I.T. projects, initiatives and tasks.

Key Responsibilities:

• Create, maintain, Implement, and enforce an organization wide information security policy.
• Monitors compliance with information security policies and procedures, referring problems to the appropriate department manager
• Provides direct training and oversight to all employees, affiliates, alliances, or other third parties, ensuring proper information security clearance in accordance with established organizational information security policies and procedures
• Initiates, facilitates, and promotes activities to create information security awareness within the organization
• Establish, manage, and perform information security risk assessments and serve as an internal auditor for security issues.
• Periodically review all network and system related security plans of the entire organization.
• Coordinates and inform/update the activities to the VP for Information of Technology
• Coordinates with 3rd party service providers and external organizations for information security requirements
• Advises the organization with current information about information security technologies and related regulatory issues.
• Monitors internal control systems to ensure that appropriate access levels are maintained
• Create, maintain, and implement a comprehensive disaster recovery and business continuity plan covering the vital information technology resources of the organization.
• Make the organization compliant with International Information Security Standards such as ISO and the like.
• Conduct periodic vulnerability assessment of all vital information technology resources and apply appropriate fixes or remedies to close potential risks.
• Manage the entire I.T. Information Security group by providing leadership, guidance, and developing programs and activities that will enhance productivity, increase work efficiency, improve morale, enhance camaraderie, and promote the well-being of each employee.
• Establish and administer the annual information security program budget and determine appropriate spending of the funds for the fiscal year.
• Maintain on-going professional development and obtain relevant education and certification for himself/herself and his/her qualified staff.

Qualifications & Experience:

• At least eight (8) years' experience in a combination of risk management, information security and IT jobs
• Solid communication skills to translate technical jargons to business-related decisions for management and clients
• Knowledge in Information Security Management frameworks
• Knowledge and experience in IT Infrastructure and Development
• Knowledge and experience in IT Operations with focus on IT Security
• Knowledge and experience in Cloud Computing
• Understanding of technologies, trends related to Information Security Management
• Can work independently
• Professional security management certification is an advantage
• Experience in managing organization compliance under ISO 27001 will be an advantage

Education: Bachelor's degree in information technology, Computer Science, Computer Engineering

Working Conditions: Office setting with a possibility of remote work arrangements.

Benefits: Health insurance, life insurance, paid time off, and opportunities for professional development.

Job Level & Salary Range

• Managerial Level
• Competitive salary, commensurate with experience.

An exciting opportunity has opened for an Information Security Officer at a growing fintech company in Pasig.

The Information Security Officer will serve as the bridge between legal/compliance and technology functions to ensure the company meets regulatory, security, and operational requirements. This role combines policy creation and governance with technical oversight, ensuring that security measures, standards, and audits are properly implemented, monitored, and validated across cloud and application environments.

What You'll Do

• Partner with company lawyers and compliance officers in creating, reviewing, and maintaining information security policies aligned with legal, regulatory, and industry standards (e.g., Data Privacy Act, ISO
• Translate policies into technical controls and processes across cloud infrastructure, applications, and systems.
• Oversee and validate penetration testing and vulnerability assessments (conducted internally or via third-party vendors); ensure findings are addressed and remediated.
• Coordinate and support security audits and certifications (ISO, regulatory audits, internal compliance reviews).
• Implement and monitor cybersecurity systems and tools (firewalls, SIEM, IDS/IPS, endpoint protection, etc.) to strengthen defenses.
• Continuously review and validate the effectiveness of existing security systems, controls, and processes.
• Act as subject matter expert (SME) for security compliance requirements, ensuring that business initiatives align with security best practices.
• Provide regular reports on the organization's security posture to leadership and stakeholders.

What You Bring

• Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or related field.
• Proven experience (3–5+ years) in information security, cybersecurity governance, or IT risk/compliance.
• Solid understanding of cloud security (AWS, Azure, GCP) and application security principles.
• Working knowledge of VAPT tools and methodologies (not necessarily hands-on, but enough to validate vendor/third-party results).
• Familiarity with ISO 27001, NIST, PCI-DSS, or similar standards.
• Experience supporting or managing security audits and compliance reviews.
• Strong communication skills, with the ability to work effectively with both technical teams and legal/compliance stakeholders.
• Security certifications (e.g., ISO 27001 Lead Implementer/Auditor, CISSP, CISM, CEH) are a plus.

What Sets This Company Apart

• Opportunity to build and shape the company's security governance framework in a fast-growing fintech environment.
• Exposure to both policy/regulatory and technical security domains.
• Collaborative environment working with cross-functional teams (Legal, Compliance, Engineering, IT).

What's Next
Should you wish to embrace a rewarding challenge wherein your expertise shapes the future of information security within a flourishing fintech environment—this is your distinguished opportunity.

Kindly submit your application today by clicking on the link provided—your next professional chapter awaits.

Due to the high volume of applications we are experiencing, our team will only be in touch with you if your application is shortlisted.

Job Roles and Responsibilities

I. Strategic Leadership and Governance:

• Develop and Execute Security Strategy: Lead the formulation, implementation, and continuous improvement of the BPO's information security strategy, aligning it with business objectives, client requirements, and regulatory compliance.
• Policy and Procedure Development: Create, maintain, and enforce comprehensive information security policies, procedures, and standards (e.g., access control, data handling, incident response, remote work security) that adhere to industry best practices and client SLAs.
• Risk Management:
• Conduct regular risk assessments to identify, analyze, and prioritize security vulnerabilities and threats across systems, networks, applications, and processes.
• Develop and implement mitigation plans to address identified risks, recommending appropriate security controls and technologies.
• Compliance and Regulatory Adherence:
• Ensure the BPO's compliance with relevant national and international data protection regulations (e.g., GDPR, HIPAA, PCI-DSS, local Philippine privacy laws).
• Oversee internal and external audits (e.g., ISO 27001, NIST) and ensure all security measures align with established frameworks.
• Prepare detailed reports for management and clients on compliance status and audit findings.
• Budget Management: Contribute to the development and management of the information security budget, ensuring optimal allocation of resources for security tools, training, and personnel.

II. Operational Security Management:

• Incident Response and Management:
• Develop and lead the organization's incident response plan (IRP), including detection, containment, eradication, recovery, and post-incident analysis.
• Coordinate investigations into security breaches or incidents, performing root cause analysis and implementing corrective and preventive actions.
• Communicate incident status and impact to stakeholders, including senior management, legal, compliance, and affected clients.
• Conduct tabletop exercises and simulation drills to test the effectiveness of the IRP.
• Vulnerability Management:
• Lead regular vulnerability assessments and penetration testing activities on infrastructure, applications, and networks.
• Oversee the patching and remediation of identified vulnerabilities.
• Analyze threat reports and security advisories to proactively protect against new threats.
• Security Monitoring and Operations:
• Oversee the continuous monitoring of IT systems and networks for suspicious activities, trends, and patterns using SIEM (Security Information and Event Management) tools.
• Ensure the effective operation and maintenance of security tools such as firewalls, IDS/IPS, antivirus, and data loss prevention (DLP) systems.
• Access Control Management: Oversee the implementation and enforcement of robust access control policies, ensuring only authorized personnel have access to sensitive data and systems, especially crucial in multi-client BPO environments.
• Data Protection and Privacy: Implement measures to protect the confidentiality, integrity, and availability of all data, including data encryption, secure data storage, and data backup and disaster recovery plans.
• Vendor Security Management:
• Assess and ensure the security posture of third-party vendors and partners.
• Conduct risk assessments relevant to each vendor and collaborate with teams to address any identified risks.
• Ensure vendor compliance with the organization's security and compliance obligations.

III. Team Leadership and Development:

• Lead and Mentor: Guide, mentor, and manage a team of security professionals, fostering a security-first mindset across the organization.
• Security Awareness and Training: Develop and deliver comprehensive security awareness and training programs for all employees, ensuring they understand their roles in maintaining security and recognizing potential threats (e.g., phishing).
• Collaboration: Work closely with IT, operations, legal, HR, and client-facing teams to integrate security into all aspects of the organization's operations.

IV. BPO-Specific Considerations:

• Client Relationship Management: Often serves as a key point of contact for clients regarding information security matters, including security audits, contractual compliance, and addressing client-specific security concerns.
• Multi-Tenancy Security: Understand and manage the complexities of securing data for multiple clients within a shared infrastructure, ensuring strict segregation and adherence to individual client requirements.
• Service Level Agreements (SLAs): Ensure that information security practices meet or exceed the security clauses defined in client SLAs.
• Global Security Standards: In organizations serving international clients, the Infosec Lead must be well-versed in a wide range of global security standards and regulations.

Job Qualifications:

1. Stop the Bleeding: Fixing Our Security Weaknesses

An InfoSec Lead is like hiring a master craftsman for our vault. They'll come in and:

• Rewrite the blueprints: They'll create clear, up-to-date security rules that everyone understands and follows.
• Reinforce the walls: They'll put in place the right technical systems and tools to automatically block unauthorized access and prevent data from leaving our control.
• Supervise the guards: They'll lead and train our existing IT team to be more vigilant and efficient in spotting and stopping threats. They'll also tell us exactly where we need more hands-on-deck if necessary.

2. Protecting Our Reputation and Keeping Clients Happy

In the BPO world, trust is everything. Our clients choose us because they believe we can handle their sensitive data safely. Every security incident, no matter how small, chips away at that trust.

An InfoSec Lead will actively:

• Build client confidence: They'll be our expert face when clients ask about our security. They'll assure them we're serious about protecting their data and demonstrate how we meet global privacy standards (like GDPR). This is crucial for keeping our current clients and winning new ones.
• Keep us out of trouble: They'll make sure we comply with all the complex data privacy laws, both locally in the Philippines and internationally. This prevents costly fines, legal battles, and damaging headlines.

Job Summary:

Compliance and Information Security team's Assistant Manager/Senior Executive will be a part of the core Compliance team and will help drive, manage, implement & evaluate the certifications and compliance standards. He / She should supportthe organization to get certified and maintain ISO 9001, ISO 27001, HIPAA, SOC2, VAPT, PCI DSS, HITRUST, other Cyber security frameworks and assessments.

• Manage all tasks of the Compliance and Information Security team for all locations in the Philippines (Manila and Ilo Ilo).
  • Communicate with internal and external stakeholders regarding all compliance-related activities.
  • Participate in compliance audit programs both internally and externally for ISO, HIPAA, SOC2, VAPT, PCI DSS, and HITRUST, as and when needed.
  • Develop and review company policies and procedures, handle compliance training programs, and monitor compliance related matters.
  • Educate stakeholders to implement corrective actions.
  • Ensure that corrective actions are adequate and have been implemented for all identified compliance deficiencies.
  • Promote awareness related to information privacy and security and enforce compliance across the enterprise.
  • Help implement and manage the compliance program effectively.
  • Report to the MR/CISO/management about the status of compliance in the organization through detailed reports.
  • Create, manage, and track effective action plans in response to audit observations and compliance violations.
  • Manage and perform internal audits to identify possible weaknesses or risks in the company's information security management system.
  • Perform additional audits as and when necessary.
  • Assess the organization's processes to determine compliance risks and formulate necessary risk mitigation plans.
  • Ensure that all employees are aware of their compliance responsibilities.
  • Support teams in conducting BIA, documenting and managing risks, managing BCP incidents, and planning and conducting BCP tests.
  • Working with vendors and external auditors on all audit and assessment tasks and ensuring to close the loop with them.
  • Work with the vendors to perform third-party audits based on the frequency.
  • Work with internal stakeholders to fill out the client questionnaires and RFP documents to submit them on time.

Job Type: Full-time

Pay: Up to Php75,000.00 per month

Application Question(s):

• Knowledge of Information Security.
• Knowledge of PCI DSS and VAPT assessments.
• Knowledge of SOC 2, HIPAA and HITRUST Audits.
• Hands on experience of managing BCP incidents.
• Knowledge of latest ISO 27001 standard, PCI DSS, and HIPAA.
• Internal and External audit experience of ISO standards ISO 27001.

Experience:

• Compliance, Information Security and BCM Domains: 5 years (Required)

License/Certification:

• ISO27001 Lead Auditor (Required)
• PCI DSS implementor. (Required)

Work Location: In person

What User Access Management Contributes To Cardinal Health
The User Access Management team is responsible for managing identity and attributes for employees, contractors, customers, vendors, etc.

Ensures compliance with Cardinal Health security requirements for applications in the organization in relation to identity and access.

Analysts within the team ensure the right access to the right applications at the appropriate time through provisioning efforts, IdentityIQ management, SAP, and approval enforcement.

Functional Competencies

• Maintain efforts to streamline the user provisioning processes.
• Improve the transparency of access for our entitlement owners and managers.
• Serve as the point of escalation from the business and IT; execute the provisioning steps needed to ensure an efficient and compliant process.
• Partner with application teams to provide security, governance, and provisioning services enterprise-wide.
• Minimum cross knowledge to provide process improvement of how the ENTIRE team works together to streamline job functions.

Activities/accountabilities Include The Following

• Partners with application teams to create/streamline provisioning processes.
• Serve as liaison between business and IT to determine appropriate access for users, including user consultations, SoD checks, and access determination.
• Able to take a group of users, review the access and identify changes that can be made to ensure consistency and repeatability in provisioning that group.
• Ensures the consistency and cleanliness of the environments we manage.
• Ensures all documentation on tasks performed has been updated and published in a shared location.
• Act as an advocate for access controls and identity access management (IAM) services, ensuring correct/appropriate standards and processes are being adhered to
• Achieve quality review standards of no repeat errors.
• Initiate regular reviews of user to role mappings to ensure access meets the security design and security/access related problem resolution.
• Focus on automation opportunities/improvements.

Qualifications

• Application access support/administration
• Functional experience with security principles, specifically access management.
• Process improvement and lean principles.

Candidates who are back-to-work, people with disabilities, without a college degree, and Veterans are encouraged to apply.
Cardinal Health supports an inclusive workplace that values diversity of thought, experience and background. We celebrate the power of our differences to create better solutions for our customers by ensuring employees can be their authentic selves each day. Cardinal Health is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state or local law.