This role is tasked with implementing the controls and procedures mandated by the Global and SMI standards to ensure the safety of information systems and assets. The position emphasizes policy improvement, deployment, monitoring and maintenance, user education and awareness, access control, vulnerability and patch management, and endpoint and network security.
Key responsibilities:
ICT Security Services - Build on the developed SMI information security policies, standards and procedures and oversee their dissemination within SMI. This includes implementing and monitoring systems and network security based on Xstrata Global and SMI information security policies; conducting regular user access audits and providing recommendations to address issues; administering all ICT security related servers / workstations and local improvements; monitoring and managing ICT fixed assets related to information security; participating in projects with dependencies on the ICT security services; and identifying potential threats and vulnerabilities, assessing the risks they pose to the organization, and implementing appropriate corrective or preventative action.
Information Security Education and Awareness - Coordinate the development and delivery of an education and training program on information security and privacy matters for all users to promote information security sensitivity throughout the company.
Incident Response and Disaster Recovery - Undertake testing and evaluation of disaster recovery plans, ensure consistent implementation of Incident Reporting and Response Systems to address security incidents / breaches, and respond to alleged privacy violations or complaints from users.
Risk Assessment and Incident Prevention - Implement ongoing risk assessment programs targeting information security and privacy matters, recommend methods for vulnerability detection and remediation, and oversee vulnerability testing.
Key requirements:
Bachelor's degree in Computer Science or Computer Engineering
At least 3 years of practical experience in planning, management, implementation and maintenance of information security policies and procedures in an enterprise-scale deployment
Experience in developing and administering information security programs and methodologies is a must, with working knowledge of and experience in the policy and regulatory environment for information security
Preferably with advanced networking skills and certifications in Cisco and CompTIA Network+ and knowledge of Checkpoint, Symantec, MailSweeper and WSUS
Strong oral and written communication skills
Ability to work with a broad range of people and personality types
Computer proficiency