Development, implementation and maintenance of Security Programs, Policies and Procedures Supports in the development of applicable globally-accepted standards, guidelines and procedures to achieve compliance to security policies and programs Contributes in the formulation and enhancement of the corporate Information Security Policy Implements and maintains established information security management program of the company Maintains reliability and integrity of the IT infrastructure by developing, implementing and exercising: Comprehensive Business Continuity Plan (including documentation of detailed procedures) to help the organization achieve recovery capabilities at an alternate site (Disaster Recovery Center) Incident Management Process (including documentation of detailed procedures) how to handle security incidents Other security programs in pursuit of new regulatory or legal compliance as authorized and approved by the Management Development, implementation and maintenance of IT Risk Management Process for IT Infrastructure Assists owners/custodians identify, evaluate, assess and secure their information assets Assists in determining the security posture of IT systems, applicability and effectiveness of implemented controls Generates and submits compliance and security assessment findings, recommendations and reports to the department manager Research and development of applicable controls from emerging security trends and technologies Selects, evaluates, recommends security controls Monitors and generates reports of the security program implementation, business continuity and recovery testing and activities during security assessments Development, implementation and maintenance of Procedural and Technical Security Controls Implements recommended security controls resulting from the risk assessment Monitors and generates reports of system status, performance and security events of implemented security controls Resolves issues arising from problems encountered on implemented security controls and/or escalates to third-party technical support Monitors and handles security incidents in accordance to established Incident Management Procedure which may involve coordination with other departments and external parties Maintains technical security controls managed by the department by conducting regular maintenance activities not limited to backup of systems Develops and maintains processes, procedural documents and up-to-date inventory of deployed and implemented security controls Observes and facilitates change management process for equipment, facilities, hardware and software utilized in the IT infrastructure Extended Delivery of Security Services (Security Education/Awareness Program, Consultancy and others) Supports in the development and conduct of approved information security awareness program to all employees and third-party personnel engaged with the company Assists in providing technical consulting services in accordance with approved standards to other departments on matters related to information security Assists the department in coordination with the Legal Division to achieve regulatory and legal compliance Works with internal and external/third-party auditors and consultants Coordinates with other Technical teams so that reliable and secure services are provided to internal and external clients Supervises the activities of third-party personnel/consultant whenever they are working on-site Regularly attends conferences, professional association meetings and technology seminars to remain well-informed with the latest information security technological developments. Performs other job-related tasks and projects that may be assigned by his/her superiors from time to time.