[ref. z9316921] Security and Compliance Senior Manager (Information Security)

The individual will implement security frameworks, ensure adherence to industry regulations, and mitigate risks associated with AI and data privacy.

KEY RESPONSIBILITIES

• Develop and enforce security policies, procedures, and AI compliance frameworks.
• Ensure compliance with industry standards such as ISO 27001, VAPT, GDPR, HIPAA, SOC 2, AI Act regulations, and other compliance requirements.
• Conduct risk assessments and audits to identify vulnerabilities and recommend security enhancements.
• Establish AI ethics and governance policies to ensure responsible AI deployment.
• Prepare compliance reports, support audit processes, measure SOC performance metrics, and report on security incidents.
• Support security audits, including follow-ups, documentation reviews, performance tests, tabletop exercises, and corrective action plans for identified risks.

• Implement AI security best practices, including adversarial attack defense, model robustness, and bias mitigation.
• Assess risks related to AI-driven decision-making and data processing.
• Develop frameworks to monitor AI security incidents and model performance.
• Identify potential risks across finance, operations, compliance, cybersecurity, and other business areas.
• Evaluate risk likelihood and impact using qualitative and quantitative analysis.
• Develop policies, controls, and procedures to minimize security risks.

• Continuously monitor for cyber threats using Security Information and Event Management (SIEM) tools.
• Collect and analyze threat intelligence from various sources (e.g., logs, dark web monitoring, security vendors).
• Stay updated on emerging threats, vulnerabilities, and attack techniques.
• Conduct risk assessments to identify and classify security threats.
• Perform vulnerability scans and penetration testing to uncover security gaps.
• Collaborate with IT and security teams to patch vulnerabilities.
• Investigate security alerts and determine their potential risks.
• Prioritize incidents based on severity and impact.
• Isolate affected systems to prevent threat propagation.
• Apply remediation steps, such as disabling compromised accounts, blocking malicious IPs, and deploying security patches.
• Develop AI-driven threat detection and anomaly detection systems for proactive security.
• Conduct internal investigations to maintain organizational integrity and perform root cause analysis.
• Lead incident response teams in case of security breaches and data leaks.
• Implement AI-driven security automation tools to enhance defense mechanisms.

• Ensure AI models comply with global data protection laws, including GDPR, the California Consumer Privacy Act (CCPA), and the Philippine Data Privacy Act (PDPA).
• Establish data governance policies for ethical AI and automated decision-making.
• Conduct Privacy Impact Assessments (PIAs) for AI applications.

• Define incident response plans, playbooks, and escalation procedures.
• Train internal teams on risk management, AI security risks, and compliance requirements.
• Conduct regular security awareness programs for employees and stakeholders.
• Lead the company in the review and implementation of the Business Continuity Plan.
• Conduct phishing simulations and security training for employees.
• Educate employees on secure practices to prevent social engineering attacks.
• Manage security training programs and support global teams in implementing best practices.

• Cybersecurity Expertise: Cloud security, endpoint security, encryption, Identity and Access Management, and zero trust.
• AI & ML Security: AI model risk assessment, adversarial AI defense, explainability.
• Regulatory Compliance: ISO 27001, VAPT, GDPR, HIPAA, AI Ethics guidelines.
• Incident Response: Threat intelligence, SIEM tools, forensic analysis.
• Risk Assessment & Audits: Penetration testing, vulnerability assessments.

Soft Skills Requirement:

• Strong leadership and decision-making abilities.
• Quick Decision Making under pressure
• Strong analytical and problem-solving abilities
• Excellent communication and Management Team skills.
• Ability to work in high-pressure environments and handle security crises.

Education & Experience:

• Bachelor’s/Master’s degree in Cybersecurity, Information Security, Computer Science, or related field.
• Certifications Preferred: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), Certified Cloud Security Professional (CCSP), or AI-specific security certifications.
• Experience: 10+ years in cybersecurity, risk Operations Management Team, or compliance; 3+ years in AI security.