ISMS and Audit Executive
50597, Philippines
Education
Bachelor’s degree in Information Technology, Computer Science, Engineering, Accountancy, or any related course/discipline.
Qualifications
- Over 5 years of strong leadership in IT and cybersecurity, specializing in Information Security Management Systems (ISMS), audit practices, Governance, Risk, and Compliance (GRC), as well as regulatory, industry and international standards.
- Demonstrates a proven track record in leading enterprise-wide security audits and contributing to the management of compliance programs aligned with cybersecurity frameworks such as ISO/IEC 27001 and the NIST Cybersecurity Framework (CSF).
- Exhibits strong capability in cross-functional collaboration, enhancing security control maturity, and maintaining alignment with evolving regulatory and industry standards.
Duties and Responsibilities
Leads the enterprise-wide information security compliance strategy to ensure regulatory alignment, audit readiness, and continuous control improvement. Manages and supervises a team of compliance auditors, providing guidance and mentorship while overseeing audit governance and execution. Drives the development and implementation of audit programs and closure of compliance gaps, in collaboration with internal and external audit partners. Ensures compliance efforts align with industry standards and evolving regulatory requirements, while proactively monitoring developments to strengthen the organization’s security posture and governance maturity.
Audit Issue Management and Resolution
Oversees audit-related activities, ensuring timely and complete resolution of all audit findings. Coordinates with relevant stakeholders to implement sustainable remediation plans that address root causes and prevent recurrence.
Remediation Oversight and Timeline Management
Ensures that all remediation plans are comprehensive, actionable, and executed within agreed timelines. Monitors progress and escalates risks to timely closure, reinforcing accountability and governance discipline.
Stakeholder Engagement and Compliance Closure
Partners with internal and external audit teams to drive the closure of compliance gaps of the Cyber Security Operations Group (CSOG). Facilitates cross-functional collaboration to ensure audit recommendations are fully addressed and compliance maturity is continuously improved.
Security Control Validation and Gap Management
Conducts independent validation of cybersecurity control process. Identifies and tracks remediation of process gaps, ensuring that corrective actions are effectively implemented and aligned with industry best practices.
Information Security Compliance Auditing
Leads the execution of regular audits across the PLDT Group to assess compliance with the Corporate Information Security Policy (CISP) and other security controls, including but not limited to ISO/IEC 27001 and the NIST Cybersecurity Framework (CSF).
Regulatory Intelligence and Best Practices
Monitors evolving regulatory requirements and industry best practices to proactively enhance the organization’s compliance posture. Ensures continuous improvement of audit methodologies and control frameworks.
Tool Management and Delivery
Leads the deployment, integration, and continuous enhancement of compliance tools that enforce security policies and support regulatory adherence through effective utilization, governance, and audit-aligned capabilities.
Project Management
Ensures timely and high-quality delivery of technical assessments for key information security initiatives, in collaboration with the Capability and Delivery team.
People Management
Provides timely, constructive feedback on staff and supervisor performance. Acts as a mentor and role model, fostering growth and development. Ensures the creation and execution of effective succession plans to build future leadership.
Operational Support
Provide leadership and support for additional duties and responsibilities as assigned, ensuring alignment with organizational priorities and operational excellence.