212 Security Lead jobs in the Philippines

Job Description:

1. Lead the development and execution of security strategies and initiatives.
2. Monitor and respond to security incidents and threats.
3. Conduct risk assessments and vulnerability scans.
4. Ensure compliance with security standards (e.g., ISO 27001)
5. Manage security tools, technologies, and third-party services.
6. Provide guidance and training to staff on security best practices.
7. Collaborate with internal and external stakeholders on security matters.
8. Oversee the overall security contingency plan across project.

Minimum Requirements

• Certified Security Personnel
• With relevant number experience as detachment commander
• COSH holder is an advantage

Job Roles and Responsibilities

I. Strategic Leadership and Governance:

• Develop and Execute Security Strategy: Lead the formulation, implementation, and continuous improvement of the BPO's information security strategy, aligning it with business objectives, client requirements, and regulatory compliance.
• Policy and Procedure Development: Create, maintain, and enforce comprehensive information security policies, procedures, and standards (e.g., access control, data handling, incident response, remote work security) that adhere to industry best practices and client SLAs.
• Risk Management:
• Conduct regular risk assessments to identify, analyze, and prioritize security vulnerabilities and threats across systems, networks, applications, and processes.
• Develop and implement mitigation plans to address identified risks, recommending appropriate security controls and technologies.
• Compliance and Regulatory Adherence:
• Ensure the BPO's compliance with relevant national and international data protection regulations (e.g., GDPR, HIPAA, PCI-DSS, local Philippine privacy laws).
• Oversee internal and external audits (e.g., ISO 27001, NIST) and ensure all security measures align with established frameworks.
• Prepare detailed reports for management and clients on compliance status and audit findings.
• Budget Management: Contribute to the development and management of the information security budget, ensuring optimal allocation of resources for security tools, training, and personnel.

II. Operational Security Management:

• Incident Response and Management:
• Develop and lead the organization's incident response plan (IRP), including detection, containment, eradication, recovery, and post-incident analysis.
• Coordinate investigations into security breaches or incidents, performing root cause analysis and implementing corrective and preventive actions.
• Communicate incident status and impact to stakeholders, including senior management, legal, compliance, and affected clients.
• Conduct tabletop exercises and simulation drills to test the effectiveness of the IRP.
• Vulnerability Management:
• Lead regular vulnerability assessments and penetration testing activities on infrastructure, applications, and networks.
• Oversee the patching and remediation of identified vulnerabilities.
• Analyze threat reports and security advisories to proactively protect against new threats.
• Security Monitoring and Operations:
• Oversee the continuous monitoring of IT systems and networks for suspicious activities, trends, and patterns using SIEM (Security Information and Event Management) tools.
• Ensure the effective operation and maintenance of security tools such as firewalls, IDS/IPS, antivirus, and data loss prevention (DLP) systems.
• Access Control Management: Oversee the implementation and enforcement of robust access control policies, ensuring only authorized personnel have access to sensitive data and systems, especially crucial in multi-client BPO environments.
• Data Protection and Privacy: Implement measures to protect the confidentiality, integrity, and availability of all data, including data encryption, secure data storage, and data backup and disaster recovery plans.
• Vendor Security Management:
• Assess and ensure the security posture of third-party vendors and partners.
• Conduct risk assessments relevant to each vendor and collaborate with teams to address any identified risks.
• Ensure vendor compliance with the organization's security and compliance obligations.

III. Team Leadership and Development:

• Lead and Mentor: Guide, mentor, and manage a team of security professionals, fostering a security-first mindset across the organization.
• Security Awareness and Training: Develop and deliver comprehensive security awareness and training programs for all employees, ensuring they understand their roles in maintaining security and recognizing potential threats (e.g., phishing).
• Collaboration: Work closely with IT, operations, legal, HR, and client-facing teams to integrate security into all aspects of the organization's operations.

IV. BPO-Specific Considerations:

• Client Relationship Management: Often serves as a key point of contact for clients regarding information security matters, including security audits, contractual compliance, and addressing client-specific security concerns.
• Multi-Tenancy Security: Understand and manage the complexities of securing data for multiple clients within a shared infrastructure, ensuring strict segregation and adherence to individual client requirements.
• Service Level Agreements (SLAs): Ensure that information security practices meet or exceed the security clauses defined in client SLAs.
• Global Security Standards: In organizations serving international clients, the Infosec Lead must be well-versed in a wide range of global security standards and regulations.

Job Qualifications:

1. Stop the Bleeding: Fixing Our Security Weaknesses

An InfoSec Lead is like hiring a master craftsman for our vault. They'll come in and:

• Rewrite the blueprints: They'll create clear, up-to-date security rules that everyone understands and follows.
• Reinforce the walls: They'll put in place the right technical systems and tools to automatically block unauthorized access and prevent data from leaving our control.
• Supervise the guards: They'll lead and train our existing IT team to be more vigilant and efficient in spotting and stopping threats. They'll also tell us exactly where we need more hands-on-deck if necessary.

2. Protecting Our Reputation and Keeping Clients Happy

In the BPO world, trust is everything. Our clients choose us because they believe we can handle their sensitive data safely. Every security incident, no matter how small, chips away at that trust.

An InfoSec Lead will actively:

• Build client confidence: They'll be our expert face when clients ask about our security. They'll assure them we're serious about protecting their data and demonstrate how we meet global privacy standards (like GDPR). This is crucial for keeping our current clients and winning new ones.
• Keep us out of trouble: They'll make sure we comply with all the complex data privacy laws, both locally in the Philippines and internationally. This prevents costly fines, legal battles, and damaging headlines.

Job Roles and Responsibilities

I. Strategic Leadership and Governance:

• Develop and Execute Security Strategy:
  Lead the formulation, implementation, and continuous improvement of the BPO's information security strategy, aligning it with business objectives, client requirements, and regulatory compliance.
• Policy and Procedure Development:
  Create, maintain, and enforce comprehensive information security policies, procedures, and standards (e.g., access control, data handling, incident response, remote work security) that adhere to industry best practices and client SLAs.
• Risk Management:
• Conduct regular risk assessments to identify, analyze, and prioritize security vulnerabilities and threats across systems, networks, applications, and processes.
• Develop and implement mitigation plans to address identified risks, recommending appropriate security controls and technologies.
• Compliance and Regulatory Adherence:
• Ensure the BPO's compliance with relevant national and international data protection regulations (e.g., GDPR, HIPAA, PCI-DSS, local Philippine privacy laws).
• Oversee internal and external audits (e.g., ISO 27001, NIST) and ensure all security measures align with established frameworks.
• Prepare detailed reports for management and clients on compliance status and audit findings.
• Budget Management:
  Contribute to the development and management of the information security budget, ensuring optimal allocation of resources for security tools, training, and personnel.

II. Operational Security Management:

• Incident Response and Management:
• Develop and lead the organization's incident response plan (IRP), including detection, containment, eradication, recovery, and post-incident analysis.
• Coordinate investigations into security breaches or incidents, performing root cause analysis and implementing corrective and preventive actions.
• Communicate incident status and impact to stakeholders, including senior management, legal, compliance, and affected clients.
• Conduct tabletop exercises and simulation drills to test the effectiveness of the IRP.
• Vulnerability Management:
• Lead regular vulnerability assessments and penetration testing activities on infrastructure, applications, and networks.
• Oversee the patching and remediation of identified vulnerabilities.
• Analyze threat reports and security advisories to proactively protect against new threats.
• Security Monitoring and Operations:
• Oversee the continuous monitoring of IT systems and networks for suspicious activities, trends, and patterns using SIEM (Security Information and Event Management) tools.
• Ensure the effective operation and maintenance of security tools such as firewalls, IDS/IPS, antivirus, and data loss prevention (DLP) systems.
• Access Control Management:
  Oversee the implementation and enforcement of robust access control policies, ensuring only authorized personnel have access to sensitive data and systems, especially crucial in multi-client BPO environments.
• Data Protection and Privacy:
  Implement measures to protect the confidentiality, integrity, and availability of all data, including data encryption, secure data storage, and data backup and disaster recovery plans.
• Vendor Security Management:
• Assess and ensure the security posture of third-party vendors and partners.
• Conduct risk assessments relevant to each vendor and collaborate with teams to address any identified risks.
• Ensure vendor compliance with the organization's security and compliance obligations.

III. Team Leadership and Development:

• Lead and Mentor:
  Guide, mentor, and manage a team of security professionals, fostering a security-first mindset across the organization.
• Security Awareness and Training:
  Develop and deliver comprehensive security awareness and training programs for all employees, ensuring they understand their roles in maintaining security and recognizing potential threats (e.g., phishing).
• Collaboration:
  Work closely with IT, operations, legal, HR, and client-facing teams to integrate security into all aspects of the organization's operations.

IV. BPO-Specific Considerations:

• Client Relationship Management:
  Often serves as a key point of contact for clients regarding information security matters, including security audits, contractual compliance, and addressing client-specific security concerns.
• Multi-Tenancy Security:
  Understand and manage the complexities of securing data for multiple clients within a shared infrastructure, ensuring strict segregation and adherence to individual client requirements.
• Service Level Agreements (SLAs):
  Ensure that information security practices meet or exceed the security clauses defined in client SLAs.
• Global Security Standards:
  In organizations serving international clients, the Infosec Lead must be well-versed in a wide range of global security standards and regulations.

Job Qualifications:

1. Stop the Bleeding: Fixing Our Security Weaknesses

An
InfoSec Lead
is like hiring a master craftsman for our vault. They'll come in and:

• Rewrite the blueprints:
  They'll create clear, up-to-date security rules that everyone understands and follows.
• Reinforce the walls:
  They'll put in place the right technical systems and tools to automatically block unauthorized access and prevent data from leaving our control.
• Supervise the guards:
  They'll lead and train our existing IT team to be more vigilant and efficient in spotting and stopping threats. They'll also tell us exactly where we need more hands-on-deck if necessary.

2. Protecting Our Reputation and Keeping Clients Happy

In the BPO world, trust is everything. Our clients choose us because they believe we can handle their sensitive data safely. Every security incident, no matter how small, chips away at that trust.

An
InfoSec Lead
will actively:

• Build client confidence:
  They'll be our expert face when clients ask about our security. They'll assure them we're serious about protecting their data and demonstrate how we meet global privacy standards (like GDPR). This is crucial for keeping our current clients and winning new ones.
• Keep us out of trouble:
  They'll make sure we comply with all the complex data privacy laws, both locally in the Philippines and internationally. This prevents costly fines, legal battles, and damaging headlines.

JOB SUMMARY

The Information Security Lead will play a critical role in shaping and executing our information security strategy. This role involves leading the development and enforcement of security policies, conducting risk assessments, overseeing incident response, and ensuring regulatory compliance. You will act as the champion for security across the organization, advocating for best practices while fostering a culture of security awareness.

A mid-level management position in nature, this role will serve as the catalyst for a successful career in Operational Management for the right candidate.

Develop & Execute Security Strategy

• Collaborate with the Infrastructure Security team to design and implement an organization-wide security strategy that addresses both proactive and reactive measures to protect sensitive data and systems.
• Align the organization's overall business strategy with information security priorities in collaboration with key stakeholders.
• Develop clear, measurable security objectives that are aligned with business goals and regulatory requirements.
• Ensure compliance with industry regulations (e.g., GDPR, HIPAA, PCI-DSS) and align security measures with regulatory requirements.
• Lead audits and ensure adherence to security frameworks such as ISO 27001, NIST, etc.

Risk & Vulnerability Management

• Identify, assess, and mitigate security risks and vulnerabilities across the infrastructure.
• Lead regular risk assessments and recommend appropriate security controls.
• Create and maintain data flow maps to ensure all relevant risks are identified in internal systems.
• Conduct regular scans and assessments of infrastructure, applications, and networks to identify vulnerabilities.
• Utilize industry-standard tools (e.g., Nessus, Qualys, or custom scripts) to detect flaws in configurations, code, and infrastructure.
• Collaborate with IT, development, and relevant teams to address risks and vulnerabilities.

Incident Response

• Drive investigations into breaches, coordinating with internal teams to mitigate damage and restore services.
• Prepare detailed incident reports including timeline, root cause, response actions, lessons learned, and follow-up activities.
• Work with relevant teams (e.g., IT, development) to eliminate threats and prevent recurrence.
• Communicate incident status and impact to key stakeholders (senior management, legal, compliance, etc.).
• Recommend improvements to detection, response time, and mitigation strategies.
• Conduct tabletop exercises and simulation drills to test the effectiveness of the Incident Response Plan (IRP).

Security Monitoring & Auditing

• Audit controls, tools, and systems to ensure proper tracking of security events.
• Perform routine security audits to identify threats and areas for improvement.
• Analyze threat reports and vendor advisories to update risk and vulnerability strategies.
• Conduct security audits to ensure compliance with standards (e.g., ISO 27001, NIST, PCI-DSS, GDPR), and use findings to improve the vulnerability management program.

Vendor Management

• Assess and ensure the security of external services, software, and systems.
• Conduct vendor-specific risk assessments and coordinate with teams to mitigate any identified risks.
• Ensure vendor compliance with company security and regulatory obligations.

Leadership & Mentorship

• Lead a team of security professionals by providing guidance, mentorship, and promoting a security-first mindset across the organization.

• Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent practical experience).
• Experience in information security with a focus on risk management, incident response, and compliance.
• Familiarity with security tools, firewalls, encryption, IDS/IPS, and vulnerability management.
• Expertise in security frameworks (e.g., ISO 27001, NIST, PCI-DSS).
• Hands-on experience with incident management, breach investigations, and response planning.
• Strong foundation in IT infrastructure, network, and security.
• Experience with cloud security (AWS, Azure, etc.), network security, and endpoint protection.
• Excellent communication skills to explain security concepts to both technical and non-technical audiences.
• Ability to lead and motivate teams while managing strategic and operational security tasks.
• Security certifications such as CC, CISSP, CISM, CISA, or similar are a plus.

• An opportunity to create or be part of something remarkable
• A competitive salary package based on your experience, skills, and character
• Company-sponsored Health Maintenance coverage on Day 1
• Career growth and learning opportunities
• Opportunities to collaborate across teams and with global business leaders
• A chance to contribute to charitable efforts just by doing your job well

ROLE

Determine the risk position of PLDT group as a result of changes in the technology architecture, products and services.

• Execute or review a general security review based on company-accepted standards and good industry practices.
• Execute or review a compliance assessment of PLDT's technology architecture, products and services to applicable regulations.
• Provide recommendations to improve the cybersecurity risk position of PLDT's technology architecture, products and services as a result of technical security testing.

EXPERIENCE

• At least 6 years' work experience in Technology or Information Security
• Supervisory experience
• Preferably with relevant industry-recognized certifications: CISA, CISM, CRISC, Sec+, CISSP, CEH
• Preferably with prior experience in successful handling of client-facing roles in a project leadership capacity.

With relevant and meaningful experience in any of the following fields:

• Information Security (any field)
• Information Technology (any field)
• Telecommunications technology
• Information Systems Audit
• Operational Risk o Process and Policy Development
• Compliance

PERSONALITY/TRAITS/SOFT SKILLS

• Display clear and definite interest to pursue a career in Information Security
• Above average communication skills - both oral and written

Skills & Experience

· Mandatory

o Knowledge of latest ISO 27001 standard, PCI DSS, and HIPAA.

o Internal and External audit experience of ISO standards ISO 27001.

o Knowledge and audit experience of HIPAA compliance and HITRUST requirements.

o Should have knowledge/hand on experience on working on SOC 2/ HITRUST/PCI DSS, requirements.

o Should have hands-on experience in VAPT, Vulnerability management, and cyber security management.

o Should have knowledge of the basic ITGC controls/Information Security.

o Certified Lead Auditor for ISMS and Certified PCI DSS implementor.

o Experience in coordinating with vendors and internal stakeholders for different compliance and information security tasks.

o Should have knowledge of BCP/DR and conduct BCP tests.

o Experience in handling Risk Management Audits, Risk Registers, BIA processes.

o Knowledge and experience of Risk Management standards i.e. ISO 31000.

o Knowledge and experience of all BCM implementation based on ISO 22301.

o Good written and verbal communication skills.

· Desired

o Knowledge of Information Security.

o Knowledge of PCI DSS and VAPT assessments.

o Knowledge of SOC 2, HIPAA and HITRUST Audits.

o Hands on experience of managing BCP incidents.

Job Type: Full-time

Pay: Up to Php130,000.00 per month

Benefits:

• Paid training

Work Location: In person

Job Description:

• Provides overall leadership and direction to the Security Administration, Operations, CCTV and Investigations Leads to ensure unified planning and implementation of security initiatives.
• Aligns security functions with company vision, mission, and evolving operational demands.
• Oversees the integration of strategic security planning, risk management, and operational enforcement into day-to-day hub and network operations.
• Leads the formulation, review, and enforcement of SPX Security policies, manuals, SOPs, and directives.
• Evaluates security programs and updates standards to address emerging risks, technologies, and best practices.
• Ensures all procedures and measures are aligned with government regulations and legal requirements.
• Represents company in court litigations when required.
• Supervises real-time response to major security incidents, threats, or investigations that may affect company operations.
• Provides top-level decisions during crises or high-impact security breaches, ensuring timely resolution and mitigation.
• Directs the application of root cause analysis and ensures that corrective and preventive actions (CAPA) are executed and documented.
• Oversees complex investigations related to misconduct, theft, fraud, coercion, and other internal/external threats.
• Ensures that reports are conclusive, evidence-based, and prepared in a timely and secure manner.
• Coordinates with law enforcement, government agencies, and legal representatives as required.
• Acts as the main liaison between the Security Department and all other business units, including Operations, Legal, HR, and Partnerships.
• Ensures synchronized implementation of security protocols across hubs, fulfillment centers, and contracted service providers.
• Facilitates regular cross-functional security briefings, risk assessments, and strategic reviews.
• Guides the planning and execution of security awareness programs and training across all levels of the organization.
• Ensures all personnel, including FTEs and NFTEs, are trained and re-trained according to risk profile and operational demands.
• Promotes a proactive and inclusive security culture in SPX.
• Reviews and signs off on all key security reports, including inspection results, test reports, and investigation findings.
• Ensures documentation integrity, confidentiality, and compliance with internal classification policies.
• Leads the development of annual plans for surveys, inspections, exercises, and tests with clear performance metrics.
• Sets SOPs and standards for security set up for SPX facilities.

Requirements:

• Bachelor's Degree in Criminology, Security Management, or related field (Master's or professional certifications preferred).
• Minimum of 8 years in progressively responsible roles in corporate security, investigations, or law enforcement.
• Proven leadership in multidisciplinary security teams.
• Strong grasp of security risk management frameworks, incident handling, and regulatory compliance.
• Excellent interpersonal, analytical, and crisis management skills.
• Experience liaising with external stakeholders such as government agencies, law enforcement, and third-party service providers.
• Amenable to travel nationwide.

Job Title: IT Security Lead

Location: Hybrid – Pasig City, Philippines

Reporting To: IT Manager

Industry: Food and Beverage Manufacturing

Employment Type: Full-Time

A leading food and beverage manufacturer known for its innovative product portfolio, including instant noodles, baked goods, culinary aids, and plant-based alternatives. The company is committed to delivering high-quality food solutions while maintaining operational excellence and sustainability across its global operations.

The IT Security Lead will be responsible for managing and strengthening the organization's cybersecurity posture. This position plays a key role in leading security initiatives, collaborating with external SOC providers, and driving the implementation of secure infrastructure and processes across the enterprise. The role requires a hands-on security expert with strong leadership skills and a deep understanding of emerging threats, tools, and technologies.

Key Responsibilities

1. Infrastructure Security

• Design and implement security architecture and roadmaps for infrastructure security tools including:

• Intrusion Prevention Systems (IPS)

• SIEM platforms
• Malware proxies
• Network/system access controls
• Firewalls and authentication devices
• Enterprise monitoring systems

2. Network Security

• Collaborate with network teams to ensure secure architecture across LANs, WANs, VPNs, routers, and wireless networks.
• Manage firewall policies and maintain application-level protections.

3. AI & Emerging Technology Security

• Monitor AI-related security risks and contribute to secure AI adoption.
• Conduct risk assessments on new technology implementations.

4. BYOD Management

• Develop, implement, and enforce secure BYOD (Bring Your Own Device) policies.
• Ensure secure access and data protection on personal devices.

5. Risk Management & Compliance

• Perform ongoing security risk assessments and define mitigation plans.
• Work with stakeholders to ensure compliance with internal policies and industry standards.

6. Malware & Virus Protection

• Manage antivirus and anti-malware systems.
• Analyze and respond to threat alerts and infection incidents.

7. Security Awareness & Training

• Lead employee security awareness initiatives, including phishing simulations and vendor-led training programs.

8. Incident Monitoring & Response

• Manage SIEM tuning, alerts, and threat detection systems.
• Coordinate incident response efforts and forensic investigations.
• Support vulnerability assessments and penetration testing (VAPT).

9. Leadership & Collaboration

• Provide mentorship to junior security staff and members of the Computer Security Incident Response Team (CSIRT).
• Collaborate cross-functionally to foster a security-first culture.

Qualifications & Requirements

• Education: Bachelor's or Associate degree in Computer Science, Information Technology, Engineering, or a related field.
• Certifications (preferred): CISSP, CISA, CISM, ISO 27001, SANS GIAC, CCNA Security, ITIL, or other relevant credentials.

• Technical Skills:

• In-depth knowledge of cybersecurity principles and frameworks

• Experience with SIEM, firewalls, IDS/IPS, VAPT, and endpoint protection
• Familiarity with AI and cloud security trends
• Strong scripting capabilities (e.g., Python, Perl, Java, Ruby)
• Policy development and risk assessment proficiency
• Understanding of regulatory standards and compliance (e.g., ISO, NIST, GDPR)