INFORMATION SECURITY COMPLIANCE LEAD

It is the spirit of Bayanihan that drives us to continue our legacy of excellence and commitment to care. As an organization, we achieve our successes through good, honest, and persevering hard work - TOGETHER. It is in this way in which our company was built; we progressed as the country's leading Pharmaceutical company, not by sheer luck, but by pure perseverance, integrity, and brotherhood. Grow with us, and be a part of the Bayanihan spirit.

Job Summary: 

The Information Security Compliance Lead is responsible for overseeing the development, implementation, and management of the information security compliance program within the Unilab Group. He / She must ensure that all information security practices adhere to industry standards, regulatory requirements, and internal policies. This role involves close collaboration with various departments to ensure that compliance measures are effective and aligned with the organization's overall business goals. 

Key Duties and Responsibilities: 

1. Leadership and Team Management 

• Lead and mentor a team of Information Security Compliance Specialists, providing guidance, support, and professional development opportunities. 

• Allocate tasks, manage workloads, and ensure that the team meets its objectives and deadlines. 

• Conduct regular performance evaluations and provide feedback to team members. 

2. Compliance Program Development 

• Develop, implement, and maintain the information security compliance program across the organization, ensuring alignment with industry standards and regulatory requirements such as ISO 27001, NIST, CIS-CSC, etc. 

• Establish and document policies, procedures, and controls to meet regulatory requirements and industry best practices. 

3. Risk Management 

• Identify, assess, and manage information security risks, ensuring that appropriate mitigation strategies are in place. 

• Conduct regular risk assessments and audits to evaluate the effectiveness of compliance measures and identify areas for improvement. 

• Report on compliance status and risk levels, providing recommendations for action. 

4. Regulatory Compliance 

• Ensure that the organization complies with all relevant information security regulations, such as data protection laws (RA10173), industry-specific regulations, and international standards. 

• Monitor changes in the regulatory landscape and update the compliance program as necessary. 

• Liaise with legal and regulatory bodies to ensure ongoing compliance and address any concerns or findings. 

5. Incident Management 

• Oversee the investigation and response to information security incidents, ensuring that they are managed in compliance with internal procedures and regulatory requirements. 

• Collaborate with other departments to ensure that incident response plans are effective and regularly tested. 

6. Training and Awareness 

• Develop and deliver information security compliance training programs for employees across the organization. 

• Promote a culture of security awareness by conducting regular training sessions, workshops, and communications on compliance-related topics. 

7. Audit and Reporting 

• Coordinate internal and external audits of the information security compliance program, ensuring that all findings are addressed promptly. 

• Prepare and present detailed compliance reports to senior management, highlighting key metrics, issues, and recommendations. 

8. Stakeholder Collaboration 

• Work closely with IT, Legal, HR, and other relevant departments to ensure that information security practices are integrated into business processes. 

• Engage with external partners, vendors, and auditors to ensure compliance with contractual obligations and industry standards. 

9. Continuous Improvement 

• Stay up-to-date with emerging trends and threats in information security and compliance. 

• Continuously improve the compliance program by implementing new tools, techniques, and practices that enhance the organization’s security posture. 

10. Budget Management 

• Manage the budget for the information security compliance team, ensuring that resources are allocated effectively and within financial constraints. 

Required Qualifications:

• Graduate of Computer Engineering, Computer Science, Information Technology or other relevant science, technical and engineering courses 
• With at least 5-7 years of information security / data privacy practice
• Can easily transition to a fast-paced environment and familiarize himself on business matters that can affect the security posture of the company
• Can communicate, present, and negotiate effectively, with strong command of the English language, both written and oral
• Has a keen eye on details with strong planning and analytical skills
• Knowledgeable in securing Network, Identity Access, Cloud systems, Endpoint devices, web and mobile applications
• Familiarity with security frameworks and privacy regulations (e.g. NIST Cybersecurity framework, CIS-CSC, ISO27001, Data Privacy Act) and risk management methodologies
• Relevant experience in Identity Access Management and Information Security Incident Response handling is a plus.
• Experience in designing and securing cloud platforms hosted in Amazon, Azure and Google

We are committed to providing our employees with the best possible experience. As a LEARNING ORGANIZATION, we are eager to support your development and create the most fitting career path for you. As DESIGNERS AND DRIVERS OF INNOVATION, we are keen to provide you with opportunities to positively transform processes that will intensify business growth. As a NURTURING FAMILY, we are passionate about conducting programs that can promote your wellness, and help you be the best that you can be. As BELIEVERS OF OUR PURPOSE, we are and we will always remain earnest in giving meaningful tasks that will keep you delighted and fulfilled - at work and beyond.