SUBSIDIARY ABS-CBN Corporation
POSITION Information Security Lead (Content & InfoSec Division)
WORK LOCATION National Capital Region
WORK ARRANGEMENT TYPE Hybrid
DATE POSTED September 18, 2024

BUSINESS SUMMARY

ABS-CBN is considered one of the country’s leading media and entertainment companies, with service offerings across the different platforms of media, servicing a wide array of customer segments. 
 
As an organization, ABS-CBN affirms its mission of being in the service of the Filipino and all of its stakeholders worldwide. The company is driven to pioneer, innovate and adapt as it continues to provide information, news and entertainment that connects Filipinos with one another and with their community - wherever they may be. ABS-CBN is firmly committed to pursuing excellence. 

Prior to the shutdown of its broadcast operations in 2020, ABS-CBN was the largest television network in the Philippines. As a radio broadcast company, it operated 22 radio stations including anchor radio stations in Mega Manila, DZMM and DWRR, in the AM and FM bands, respectively. 
 
The company delivers television programming outside of the Philippines to over 3 million viewers in North America, the Middle East, Europe, Japan, Australia, Canada, and other countries in Asia, through the internet and the Company’s global distribution platform, TFC, using DTH satellite service, cable television channels, IPTV, mobile applications and video streaming services. Its offerings are further complemented by subsidiaries focused on other multimedia services such as film production, music recording, telecommunications, and magazine and book publishing. 

RESPONSIBILITIES

    The Lead, Information Security is accountable in ensuring that information security GRC (Governance, Risk and Compliance), Defensive Security (Cyber Monitoring, Response and Investigations) and Offensive Security (Vulnerability Management and Penetration Testing) functions are performed at an optimized level.
     
    • Assist CIS Head in Security Strategy and Policy Development
      • Develop, review and maintain information security policies, standards, guidelines and procedures.
      • Ensure alignment of the information security strategy with the ABS-CBN's business goals.
      • Identify and evaluate emerging security threats and technologies and identify ways to mitigate the risks.
    • Lead the Risk Management Function
      • Conduct regular risk assessments of ABS-CBNs digital assets and perform vulnerability assessments.
      • Develop and implement risk mitigation strategies.
      • Monitor and manage security incidents and breaches.
    • Help in Information Security Compliance and Audit Tracking
      • Ensure compliance with relevant regulations, standards, and frameworks (e.g., ISO 2700x,CIS, NIST, etc.).
      • Prepare for and support internal and external security audits.
      • Maintain documentation and evidence of compliance activities.
    • Review and Approve Security Awareness and Training Execution
      • Develop and deliver security awareness programs for employees.
      • Promote a culture of security within the organization.
      • Provide training and guidance to technical staff on security best practices.
    • Collaboration and Communication
      • Act as a liaison between the InfoSec team and other units to enhance cooperation for culture of security.
      • Communicate security-related issues to concerned business units
    • Security Operations
      • Oversee daily security operations, including monitoring and responding to security events.
      • Ensure proper configuration and management of security tools (e.g. endpoint security, network and cloud security technologies).
      • Coordinate with Technology Teams to ensure secure infrastructure and application deployments are safe and compliant.
      • Perform security administration and configuration for security specific systems and applications including but not limited to: SIEM/SOAR, VAPT Tools, Endpoint Security, Network Security, Cloud and Application Security Systems
      • Infrastructure related systems administration and maintenance will be handled by technology teams/partner including but not limited to: Server, Cloud and Virtualization, Network, Web and Applications not specific for security. 
    • Incident Response
      • Develop and maintain an incident response plan/ Playbook.
      • Lead and coordinate response efforts during security incidents.
      • Conduct post-incident analysis and implement lessons learned to improve security posture.
    • Threat Intelligence and Research
      • Stay informed about the latest security threats, vulnerabilities, and attack vectors.
      • Conduct threat modeling and penetration testing to identify security weaknesses.
      • Integrate threat intelligence into the overall security strategy.
    • Security Architecture and Design
      • Participate in the design and review of new systems, networks, and applications to ensure they meet security requirements.
      • Advise on secure architecture and development practices.
      • Implement security controls and technologies to protect data and infrastructure.
    • Other related tasks that may be assigned by the CIS Head.

REQUIREMENTS

    • Bachelor's Degree in a relevant area of study with a preference for Information Security, Computer Science, ECE or Computer Engineering
    • 5 years or more experience in Information Security
    • 2-3 years of people management experience
    • With 2-3 years of experience in L1 Security Operations
    • Have extensive knowledge of different security architectures, standards, technologies and concepts such as but not limited to VA/PT, SIEM, DLP for gateway and endpoints, NGFW, UTMs, IPS/IDS, WAF, Cloud Infrastructure, Security Operations Center, Digital Forensics, User Awareness platforms, Patch Management
    • 5 years or more previous experience monitoring and management of SIEM, XDR.
    • 2-3 years experience investigating security events, identifying threats and resolving vulnerabilities in large and complex environments.
    • Host-based and network analysis/forensics capability
    • Programming, system administration and information security skills
    • Demonstrated skills in reverse engineering and malware analysis
    • Threat Hunting and Intelligence experience.
    • Ethical hacking skills is a big plus
    • Understanding and knowledge of a broad range of technologies (Windows, Unix, authentication technologies, border networks)
    • Advance knowledge of IT security and solid understanding of Information Security concepts, risk management and practices
    • Ability to work on 24 x 7 x 365 shift rotation

Preference will be given to candidates who APPLY ONLINE.