SUBSIDIARY ABS-CBN Corporation
POSITION Senior Security Analyst (Governance Risk and Compliance)
WORK LOCATION National Capital Region
DATE POSTED March 01, 2024

BUSINESS SUMMARY

ABS-CBN is considered one of the country’s leading media and entertainment companies, with service offerings across the different platforms of media, servicing a wide array of customer segments. 
 
As an organization, ABS-CBN affirms its mission of being in the service of the Filipino and all of its stakeholders worldwide. The company is driven to pioneer, innovate and adapt as it continues to provide information, news and entertainment that connects Filipinos with one another and with their community - wherever they may be. ABS-CBN is firmly committed to pursuing excellence. 

Prior to the shutdown of its broadcast operations in 2020, ABS-CBN was the largest television network in the Philippines. As a radio broadcast company, it operated 22 radio stations including anchor radio stations in Mega Manila, DZMM and DWRR, in the AM and FM bands, respectively. 
 
The company delivers television programming outside of the Philippines to over 3 million viewers in North America, the Middle East, Europe, Japan, Australia, Canada, and other countries in Asia, through the internet and the Company’s global distribution platform, TFC, using DTH satellite service, cable television channels, IPTV, mobile applications and video streaming services. Its offerings are further complemented by subsidiaries focused on other multimedia services such as film production, music recording, telecommunications, and magazine and book publishing. 

RESPONSIBILITIES

    Provide Information Security Senior Level support and expertise in the following areas but not limited to:  Governance, Risk and Compliance (GRC), Assist the defensive team in Security Monitoring, Incident Response, Threat Hunting and Intelligence. Gather inputs from Offensive Security team (Vulnerability Management, Penetration Testing and Application Security Review) to enhance risk treatment and policies- and-standards development.

    Performs risk assessment and provides recommendations cyber risk treatment strategies. Maintain and update the cyber risk register, monitor risk mitigation activities and reports risk profile of the organization. Update, review and develop information/cyber security policies, standards, guidelines, and procedures, making sure of its relevance and controls are in place for the emerging threat landscape.  

    Performs document review including but not limited to third party review, privacy and security assessments,  contracts, scope of works ensuring compliance and controls are in place. Plans, execute and measure content protection and information security awareness campaign in alignment to policies, compliance, and regulatory requirement on the organization.

    Assist in information security incident response, tracking risk mitigation and control implementation completion. Provides inputs to defensive security team to minimize incidents and gathers input from offensive security team to enhance risk mitigation and control implementation.

    Perform other tasks that maybe assigned by CIS head like project management, access control management, compliance-audit review among others.
     
     
    Responsibilities:
    • Performs risk assessment of new (projects, engagements, major changes) and existing systems.
    • Maintain and update the infosec risk register.
    • Reports (and escalate if needed) the risk profile of the organization.
    • Update, review and develop information/cyber/content security policies, standards, guidelines, and procedures.
    • Performs document review including but not limited to third party review, privacy and security assessments, contracts, scope of works ensuring compliance and controls are in place.
    • Plans, execute and measure content protection and information security awareness.
    • Reports the content and infosec awareness of the organization.
    • Works with other business units like Audit, Fraud Management and Technology Group to ensure policy compliance.
    • Act as a point of escalation for L1 Analysts in support of content and information security governance, risk and compliance issues.
    • Provide guidance and oversight on incident resolution, containment techniques, remediation, and recovery efforts.
    • Review and understand data collected from GRC metrics to recommend improvement initiatives.
    • Work with Content and Information Security Head to better security operations and address identified deficiencies.
    • Work with content protection team to automate and institutionalize content protection and anti-piracy activities.
    • Participate in evaluating, recommending, implementing controls, and troubleshooting security tools.
    • Other tasks that may be assigned by the CIS Head.

REQUIREMENTS

    • Bachelor's Degree in a relevant area of study with a preference for Information Security, Computer Science, ECE or Computer Engineering
    • 5 years or more experience in Information Security, Governance, Risk Management, Audit and Compliance Experience
    • Working knowledge with different standards and best practices (Example: ISO27XX, NIST CSF, CIS Controls, OWASP, MPAA, PCI-DSS, Cloud Security Alliance)
    • Working knowledge of different security architectures, standards, technologies, and concepts such as but not limited to VA/PT, SIEM, DLP for gateway and endpoints, NGFW, UTMs, IPS/IDS, WAF, Cloud Infrastructure, Security Operations Center, Digital Forensics, User Awareness platforms, Patch Management.
    • Experience investigating security events, identifying threats and resolving vulnerabilities in large and complex environments.
    • Host-based and network analysis/forensics capability
    • Knowledge in Programming, SDLC, Agile, Shift Left, DevSecOps Methodology
    • Asset and Systems Inventory, Change Management Experience
    • Knowledge in Ethical hacking 
    • Understanding and knowledge of a broad range of technologies (Windows, Unix, authentication technologies, border networks)
    • Advance knowledge of IT security and solid understanding of Information Security concepts, risk management and practices
    • People management skills
    • Excellent written and verbal communication and presentation skills.
    • Certifications may include CISM, CISA CRSC, CISSP, GSEC, CHFI, GCIH etc

Preference will be given to candidates who APPLY ONLINE.