Information Security Risk Manager

Phillipines

The Role:

As Hyphen Group’s Information Security Risk Manager, you will be responsible for performing risk assessment on application and infrastructure systems to identify and address risk areas and non-compliance to technology information security policies, standards, and regulatory requirements.

You will quickly understand our cyber security posture and assess Hyphen Group’s security requirements regarding information security design, architecture (e.g., blueprints applicable both to application and infrastructure) and implementation.

If you are: 

 

Responsibilities: 

 

Experience: 

 

Skills:

What can you expect from us?

Impact: We are actively empowering and connecting people to a better financial future. Join us if you want to help us achieve our mission. 

Work: We have a team of over 400 talented individuals in 6 markets who are hyper passionate about building innovative financial solutions and making an impact on people’s lives. 

Culture: We take our work seriously but don’t hesitate to keep things light. We can only create magic when we have a little bit of fun. 

Thrive: We launched in 2014 and fast-forward 7 years we now help over 10 million monthly users make the best financial decisions. Accelerate your career and become a pioneer in your field with a leading fintech company that seeks to push the boundaries of your imagination and is committed to growing your career. 

Reputation: We are backed by world-class organizations and companies and have raised over US$110 million from investors including Experian, Pacific Century Group, IFC - a member of the World Bank Group

 
EEO Statement 
Hyphen Group is an equal opportunity employer. We value, support and respect all individuals and is committed to maintaining an inclusive and diverse working environment. Decisions in hiring are based on business needs, requirements of the job and individual qualifications and shall not be influenced by any consideration of race, ethnic or national origin, religion, sex (including gender identity and/or expression), age, sexual orientation, marital status, parental status, disability, genetic information, political affiliation or other applicable legally protected characteristics.
 
Apply for this job
* Required
Resume/CV *
Cover Letter
GDPR

When you apply for a job on this site, the personal data contained in your application will be collected by Hyphen Group (“Hyphen Group” or “we”), a company registered and incorporated in Hong Kong and which can be contacted by emailing jobs@hyphengroup.io. Hyphen Group (the “Group”), is a group of companies that provide price comparison services as well as financial services, insurance products, communications and other products and services across Asia.

Your data is stored in a range of systems and formats. These include in your recruitment file, in the Group’s HR management system and in other IT systems, including the Group’s email system.

Hyphen Group processes a range of information collected from you. Subject to applicable law, this may include:

  • your name, address and contact details, including email address and telephone number;
  • your gender and date of birth;
  • details of your qualifications, skills, experience and employment history;
  • information about your current level of remuneration, including benefit entitlements;
  • details of your marital status and dependents;
  • candidate photographs;
  • details of your bank account;
  • Passport or other identification information; and/or
  • Information from compliance background checks.

Your personal data will be processed for the purposes of managing Jyphen Group’s recruitment related activities, which include setting up and conducting interviews and tests for applicants, evaluating and assessing the results thereto, responding to and defending against legal claims, maintaining and promoting equal opportunities within the workplace and as is otherwise needed in the recruitment and hiring processes. Such processing is legally permissible under applicable Data Protection Laws as necessary for the purposes of the legitimate interests pursued by the Hyphen Group, which are the solicitation, evaluation, and selection of applicants for employment.

Who may have access to personal data?

Your information will be shared internally within the Group for the purposes of the recruitment exercise. This includes with members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy, internal and external auditors and IT staff if access to the data is necessary for the performance of their roles.

Your personal data will be shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America and engaged by Hyphen Group to help manage its recruitment and hiring process on Hyphen Group’s behalf.

Hyphen Group may share your personal data with third parties in order to, obtain pre-employment references from other employers, obtain employment background checks from third party providers and to obtain necessary criminal record checks.

How long do we hold your personal data?

Your personal data will be retained by the Group for so long as the Group determines it is reasonably necessary to evaluate your application for employment. If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment in accordance with the contract of employment and our internal privacy policy.

What if you do not supply your personal data?

You are under no statutory or contractual obligation to provide data to the us during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.

The Role:

As Hyphen Group’s Information Security Risk Manager, you will be responsible for performing risk assessment on application and infrastructure systems to identify and address risk areas and non-compliance to technology information security policies, standards, and regulatory requirements.

You will quickly understand our cyber security posture and assess Hyphen Group’s security requirements regarding information security design, architecture (e.g., blueprints applicable both to application and infrastructure) and implementation.

If you are: 

  • Good at mentoring and enjoy communicating with different stakeholders. 
  • Remains composed when decisions have to be made quickly.
  • Flexible and able to adopt and propose new ways of doing work; 
  • Able to balance pragmatism with action with security
  • Truly passionate about customer data security

 

Responsibilities: 

  • Conduct security risk assessments and define information security requirements on projects, existing business and technology processes, cloud-based applications/infrastructure, and other types of information systems.

  • Service Provider and Vendor assessment - Identify security operations gaps, processes, associated risks, and mitigation strategies in Hyphen Group outsourced service provider, vendors, and partners environment.

  • Define, collect, and report technology Key Risk Indicators (KRI) / Key Control Indicators (KCI) and metrics that are relevant for management review.

  • Evaluate trends from defined KRIs / KCIs and compliance metrics to identify improvement in IT/Business processes and procedures.

  • You will be supporting all Hyphen Group’s markets that we operate in the region in terms of information technology security requirements, regulatory requirements, penetration, and vulnerability findings. 

  • You will be hands on for this role in terms of required technology and security controls, understanding how regulatory requirements are implemented in all different markets we operate. Including explanation on the technical details and how they can remediate the risk in the systems.

  • You will partner with application and platform/infrastructure teams to ensure risk areas are properly and effectively mitigated.

  • Coordinate the annual penetration test and work closely with the technology team to ensure prompt closure of the identified gaps.

  • Maintains awareness and understanding of industry trends on regulatory compliance, emerging threats, and technologies to understand the risk and better safeguard the organization.

 

Experience: 

  • A minimum of 5 years of relevant working experience performing information security risk assessment, preferably in both start-up and enterprise environments.

  • Strong experience in performing security assessment in a cloud-based environment, technologies, and services.

  • Hands-on experience working on cloud technology and services.

  • Excellent understanding of industry frameworks such as NIST framework, ISO 27001, PCI DSS, SOC 2, etc.

  • Excellent understanding of regulatory requirements in different markets the organization operates (e.g., MAS, HKMA, FSC, BNM, BSP, BOT).

  • Familiar with Software/Applications Development Life Cycle best practices and IT controls over different operating systems, cloud technologies, etc. 

 

Skills:

  • Ability to prioritize and divide responsibilities, as well as influence people to take action to assist in the resolution of security gaps.

  • Strong understanding of the security assessment process and procedures.

  • Strong operations, systems, and network administration to understand and execute countermeasures and relevant remediation.

  • Knowledge of vulnerability management, red teaming, and penetration testing.

  • Creative, independent with good problem-solving skills.

  • A Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP) qualification or equivalent certifications.

  • Good to have certifications.  

    • Certified Information Security Manager (CISM)

    •  AWS Certified Security Specialty (CSS)

    • Certified Cloud Security Professional (CCSP)

What can you expect from us?

Impact: We are actively empowering and connecting people to a better financial future. Join us if you want to help us achieve our mission. 

Work: We have a team of over 400 talented individuals in 6 markets who are hyper passionate about building innovative financial solutions and making an impact on people’s lives. 

Culture: We take our work seriously but don’t hesitate to keep things light. We can only create magic when we have a little bit of fun. 

Thrive: We launched in 2014 and fast-forward 7 years we now help over 10 million monthly users make the best financial decisions. Accelerate your career and become a pioneer in your field with a leading fintech company that seeks to push the boundaries of your imagination and is committed to growing your career. 

Reputation: We are backed by world-class organizations and companies and have raised over US$110 million from investors including Experian, Pacific Century Group, IFC - a member of the World Bank Group

 
EEO Statement 
Hyphen Group is an equal opportunity employer. We value, support and respect all individuals and is committed to maintaining an inclusive and diverse working environment. Decisions in hiring are based on business needs, requirements of the job and individual qualifications and shall not be influenced by any consideration of race, ethnic or national origin, religion, sex (including gender identity and/or expression), age, sexual orientation, marital status, parental status, disability, genetic information, political affiliation or other applicable legally protected characteristics.