Cybersecurity Risk and Compliance Manager

The Security Governance & Compliance Specialist is responsible for ensuring the security of all aspects of personnel, physical and IT security at all DIS Makati R&D and Business activities as well as related topics in the region as needed. This position is also required to provide technical consultation, guidance, training and assistance to users with reference to security policy clarification and remediation, as required.

• DIS Makati Security Governance & Compliance Specialist (R&D/BU) needs to coordinate closely with Asia
• Business Security & Compliance Manager to ensure actions/plans align with Thales DIS security roadmap and participate in security audits both internally and externally.

The role will interface with peers in Asia Security team, Asia IT Security team and with business users (R&D, GGS, Sales, Technical Consultant, etc), to share the DIS Central security vision and to solicit their involvement in achieving high levels of enterprise security through information sharing and co-operation, manage DIS R&D / Business security risks through explicit management control and meet customers’ expectations for Information Security.

Missions and Responsibilities :

At DIS Makati R&D and Business activities as well as related business security and compliance at all regional sites as needed.

• Acting in accordance with the DIS Central Security Management System and DIS Central Security Policy to manage all aspects of R&D SW Development Security, IT Security, Personnel Security and Physical Security
• Develop and maintain the Site Security Management System (SMS) to fulfill the regulatory requirements and ensure that an adequate level of security is enforced in all software development and new business activities.
• Provide vision to management and take necessary steps to measure propose thesecurity controls needed to protect information and assets as well as information that has been entrusted to Thales DIS by third parties and customers.
• Enforce implementation of Thales DIS security policies effectively identify, evaluate, monitor, report and mitigate security risks
• Enforce R&D security compliance in the area of source code management, change management and configuration management with Asia IT Security team.
• Proactively monitoring and manage physical security management system, such as Access Control System, Alarm System and CCTV system on daily basis.
• Conduct Physical & Logical security audit internally and complete corrective actions within stipulated timeline.
• Initiates, facilitates and promotes activities to raise security awareness for employees, vendors and other stakeholders as required.
• Conduct physical and logical security assessments and evaluate new security threats and assess their impacts to Thales DIS information assets.
• Ensure R&D center security level compliance with security standards from both DIS Central internal audit and external audit.
• Coordinate with Asia IT Security team and ensure that firewall rule reviews, antivirus management, vulnerability management and patch management are timely performed with systems free of “Critical” issues.
• Coordinate with Asia IT Security team and perform regular checks on R&D systems to eliminate blacklisted software and ensure compliance with Thales DIS Software Policy.
• To formulate security audit plan with Asia Regional Security Manager and perform internal audits of all Makati DIS R&D & Business activities as needed.
• Manage and coordinate with Security supplier, supervise service level and ensure the compliance with service contract.
• Liaise with contractor(s) working on security equipment and ensure the contractual conformity of their performances.

Required Education/Certificate:

• Bachelor’s Degree (IT / Security / Computer Science) or equivalent.
• Appropriate Security Qualifications or Certifications such as CISSP, CISM, CISA and/or other IT security related certification is a plus

Working Experience:

• 3-5 Years of IT / Security Operations Experience with Physical security operations in managing access controls systems, CCTVs, alarms etc.
• Broad experience of IT going beyond individual components (hardware, software, network, etc.)
• Hands on experience in security solution implementations

Technical Skills:

• Knowledge of software development process and related risks
• Experience in implementation and monitoring security policies
• Ability to investigate and identify root cause of security incidents.
• Trainer experience is a plus.

Personnel Skills:

• Must be a self-starter, with limited supervision and be able to work effectively in a challenging business environment.
• Good analytical, presentation and reporting skills
• Possess strong self-responsibility and teamwork skills.
• Strong interpersonal and communication skills required.
• Ability to liaison and communicate with all levels of people.
• Independent, approachable and analytical; and

Language:

• Fluent in spoken and written English and regional languages if any would be an advantage.