Information Security Governance Manager

Phillipines

The Role:

 

 

If you are: 

Responsibilities: 

Experience: 

Skills:

What can you expect from us?

Impact: We are actively empowering and connecting people to a better financial future. Join us if you want to help us achieve our mission. 

Work: We have a team of over 400 talented individuals in 6 markets who are hyper passionate about building innovative financial solutions and making an impact on people’s lives. 

Culture: We take our work seriously but don’t hesitate to keep things light. We can only create magic when we have a little bit of fun. 

Thrive: We launched in 2014 and fast-forward 7 years we now help over 10 million monthly users make the best financial decisions. Accelerate your career and become a pioneer in your field with a leading fintech company that seeks to push the boundaries of your imagination and is committed to growing your career. 

Reputation: We are backed by world-class organizations and companies and have raised over US$110 million from investors including Experian, Pacific Century Group, IFC - a member of the World Bank Group

 
EEO Statement 
Hyphen Group is an equal opportunity employer. We value, support and respect all individuals and is committed to maintaining an inclusive and diverse working environment. Decisions in hiring are based on business needs, requirements of the job and individual qualifications and shall not be influenced by any consideration of race, ethnic or national origin, religion, sex (including gender identity and/or expression), age, sexual orientation, marital status, parental status, disability, genetic information, political affiliation or other applicable legally protected characteristics.
 
Apply for this job
* Required
Resume/CV *
Cover Letter
GDPR

When you apply for a job on this site, the personal data contained in your application will be collected by Hyphen Group (“Hyphen Group” or “we”), a company registered and incorporated in Hong Kong and which can be contacted by emailing jobs@hyphengroup.io. Hyphen Group (the “Group”), is a group of companies that provide price comparison services as well as financial services, insurance products, communications and other products and services across Asia.

Your data is stored in a range of systems and formats. These include in your recruitment file, in the Group’s HR management system and in other IT systems, including the Group’s email system.

Hyphen Group processes a range of information collected from you. Subject to applicable law, this may include:

  • your name, address and contact details, including email address and telephone number;
  • your gender and date of birth;
  • details of your qualifications, skills, experience and employment history;
  • information about your current level of remuneration, including benefit entitlements;
  • details of your marital status and dependents;
  • candidate photographs;
  • details of your bank account;
  • Passport or other identification information; and/or
  • Information from compliance background checks.

Your personal data will be processed for the purposes of managing Jyphen Group’s recruitment related activities, which include setting up and conducting interviews and tests for applicants, evaluating and assessing the results thereto, responding to and defending against legal claims, maintaining and promoting equal opportunities within the workplace and as is otherwise needed in the recruitment and hiring processes. Such processing is legally permissible under applicable Data Protection Laws as necessary for the purposes of the legitimate interests pursued by the Hyphen Group, which are the solicitation, evaluation, and selection of applicants for employment.

Who may have access to personal data?

Your information will be shared internally within the Group for the purposes of the recruitment exercise. This includes with members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy, internal and external auditors and IT staff if access to the data is necessary for the performance of their roles.

Your personal data will be shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America and engaged by Hyphen Group to help manage its recruitment and hiring process on Hyphen Group’s behalf.

Hyphen Group may share your personal data with third parties in order to, obtain pre-employment references from other employers, obtain employment background checks from third party providers and to obtain necessary criminal record checks.

How long do we hold your personal data?

Your personal data will be retained by the Group for so long as the Group determines it is reasonably necessary to evaluate your application for employment. If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your personnel file and retained during your employment in accordance with the contract of employment and our internal privacy policy.

What if you do not supply your personal data?

You are under no statutory or contractual obligation to provide data to the us during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.

The Role:

 

  • As Hyphen Group’s Information Security Governance Manager, you will evaluate risks and develop security policies, standards, procedures, guidelines, and controls to manage the organization risks.

  • You will improve Hyphen Group’s security positioning through process improvement, policy, automation, and the continuous evolution of security capabilities.

  • You will be responsible for defining, maintaining critical reporting metrics for technology governance and for ongoing compliance monitoring of key technology related regulatory obligations and requirements.

 

If you are: 

  • Good at mentoring and enjoy communicating with different stakeholders. 

  • Remains composed when decisions have to be made quickly.

  • Develops and implements new and improved ways of doing work; encourages staff and guide organization and foster a positive security behaviour and posture.

Responsibilities: 

  • You will be a Governance Risk & Compliance (GRC) subject matter expert (SME) to ensure security policies and assessments are in place. 

  • As GRC SME you will be working very closely with internal both technical and non-technical stakeholders and you need to be well versed in governance, risk, compliance, and audit background experience. 

  • Implements processes, such as GRC technology platform to automate/orchestrate and continuously monitor information security controls, compliance, certifications, exceptions, risks, and independent assurance & testing.

  • Develop reporting metrics (e.g., risk reporting), dashboards, and evidence artifacts.

  • Establishes and oversees the executions of Hyphen Group’s policies and standards, governance processes to create reliable solutions to preserve the internal controls, processes, and compliance effectiveness.

  • Outline key operational, and program metrics designed to provide transparency of key attributes such as compliance readiness, risk, security framework alignment, program maturity and operations.

  • Develop and manage an information security risk register to address risks, issues, and action plans from all sources such as risk identified from technology risk assessments, vendor risk, and risk that may impact the business, etc.

Experience: 

  • A minimum of 8 years of relevant working experience with excellent understanding of information security and security governance, risk and compliance frameworks, methodologies, and practices, preferably in both start-up and enterprise environments.

  • Excellent experience defining, revising, and implementing corporate information security policies, standards, processes, guideline, and related regulatory expectations.

  • Implementing GRC solutions/platform. 

  • Experience with various industry frameworks and requirements including NIST framework, ISO 27001, PCI DSS, SOC 2, etc.

  • Excellent understanding of regulatory requirements in different markets the organization operates (e.g., MAS, HKMA, FSC, BNM, BSP, BOT).

  • Experience working on cloud technology and services. 

Skills:

  • Developing and implementing governance, risk, and compliance strategy, program, and solutions.

  • Ability to communicate information security, compliance, and risk related concepts to both technical and non-technical audiences at various levels in the organization.

  • Creative, independent with good problem-solving skills

  • A Certified in the Governance of Enterprise IT (CGEIT), COBIT 5 Certification qualification, or equivalent certifications.

  • Good to have certifications.

    • Certified in Risk and Information Systems Control (CRISC) 

    • Certified Information Systems Security Professional (CISSP) 

    • Certified Information Security Manager (CISM)

    • Certified Cloud Security Professional (CCSP)

What can you expect from us?

Impact: We are actively empowering and connecting people to a better financial future. Join us if you want to help us achieve our mission. 

Work: We have a team of over 400 talented individuals in 6 markets who are hyper passionate about building innovative financial solutions and making an impact on people’s lives. 

Culture: We take our work seriously but don’t hesitate to keep things light. We can only create magic when we have a little bit of fun. 

Thrive: We launched in 2014 and fast-forward 7 years we now help over 10 million monthly users make the best financial decisions. Accelerate your career and become a pioneer in your field with a leading fintech company that seeks to push the boundaries of your imagination and is committed to growing your career. 

Reputation: We are backed by world-class organizations and companies and have raised over US$110 million from investors including Experian, Pacific Century Group, IFC - a member of the World Bank Group

 
EEO Statement 
Hyphen Group is an equal opportunity employer. We value, support and respect all individuals and is committed to maintaining an inclusive and diverse working environment. Decisions in hiring are based on business needs, requirements of the job and individual qualifications and shall not be influenced by any consideration of race, ethnic or national origin, religion, sex (including gender identity and/or expression), age, sexual orientation, marital status, parental status, disability, genetic information, political affiliation or other applicable legally protected characteristics.