Security Strategy and Risk Manager

Q2 Hr Solutions Inc
Metro Manila / NCR
8-10 years
Not Specified

Job Description

Our Exciting Opportunity!
MOAI has a team of security professionals supporting the business by setting the strategic direction for Information Security, IT Security, Privacy, Risk Management, Solution Security and Security Operations domains. The team provides support and guidance to all units in MOAI as well as other security and non-security functions across Ericsson.
The MOAI Security Strategy & Risk Manager has overall responsibility for ensuring that MOAI maintains order and uniformity in our Security Risks in line with Group Policies and Directives. The MOAI Security Strategy & Risk Manager is also responsible for maintaining a structured and proactive approach to strategy execution and for driving the MOAI Security tactical plan. The MOAI Security Strategy & Risk Manager reports to the Head of MOAI Security.
Purpose of the Job:
The MOAI Security Strategy & Risk Manager is responsible for ensuring that we have a robust strategy/tactical plan developed and executed across all security domains. This function is also responsible for maintaining the MOAI security risk register in line with Group Directives. This role should ensure effective governance in MOAI and ensure security risks are managed and synchronized across all units in MOAI as well as with relevant stakeholders in all BAs/MAs/GFs. This role should ensure that risks are analyzed and categorized so that ISRA results can be presented to decision makers in a simple and comprehensible way.
The MOAI Strategy & Risk Manager reports directly to the Head of Security MOAI and has the following responsibilities across the MA:
  • Drive and coordinate strategy and tactical plan development and execution across all domains in MOAI Security, ensuring targets are achieved.
  • Support the Head of Information Security in MOAI with the Information Security Risk Assessment (ISRA) process.
  • Prepare material for governance meetings, e.g. MOAI Security LT, across all units. Be the point of aggregation in MOAI Security.
  • Contribute to internal and external security assessments or audits.
  • Ensure severe incidents are followed up on in SMB and other governance meetings and, where applicable, record decisions taken in such form.
  • Drive and consolidate Security Improvement plan based on input from Risks, internal assessments, audits and ISMS maturity.
  • Actively promote a well-functioning risk management practice in the MA.
  • Follow up on all Risk Treatment Plans (RTP) and ensure execution.
  • Handle risk escalations towards Group and other MAs/BAs.
  • Manage MOAI exemptions including risk assessment and life-cycle of the exemptions.
  • Analyze and consolidate key risks and trends in risk assessments.
  • Quality assurance of risk assessments, e.g. ISRA – Information Security Risk Assessments, Privacy Impact Assessment (PIA), Business Impact Assessment (BIA), etc., and ensure data is aggregated into comprehensible decision material.
  • Proactively support improvements, simplification and automation of security and privacy risk management.
  • Support the Head of Information Security in MOAI in ensuring that MOAI has the right level of ISMS implementation to be compliant with the ISO27001 standard.
  • Ensure high and very high risks are escalated and followed up on in MOAI Security LT and other meetings and, where applicable, record decisions taken in such forms.
  • Ensure establishment and compliance of secure and appropriate storage, e.g. Eridoc, Teams, SharePoint etc.
  • An annual Tactical Plan for MOAI Security.
  • An annual Dashboard for reporting on the Tactical Plan.
  • MOAI Security LT presentation material.
  • Continuous tracking of risks and mitigations.
  • Continuous tracking of security exemptions.
  • Aggregated ISRA decision material.
  • Audit material.
Typical Interfaces
  • Line Manager: Head of MOAI Security
  • MOAI Security LT
  • Group Security
  • Enterprise Security Directors
  • Customer Security Directors
  • MOAI Strategy, Marketing & Communications
  • MOAI compliance management
  • BA/MA/GF Security Risk peers
  • IT Security Risk function
Behavioral Competences
  • Adapting & responding to change
  • Adhering to Ericsson principles & values
  • Analyzing
  • Consultative approach
  • Coping with pressures & setbacks
  • Formulating strategies & concepts
  • Deciding and initiating action
  • Leading & supervising
  • Persuading & influencing
  • Planning & organizing
  • Working with people
  • Delivering results and meeting customer expectations
Personal traits and skills
  • Drive Competence development
  • Uncompromising integrity
  • Excelling execution
  • Embracing change
  • Enabling people
  • Courageous leadership
To be successful in the role the requirements are:
  • Strong knowledge of Ericsson Security Policies, Directives and Instructions and of the Ericsson business environment
  • Strong educational and work experience in IT and Information Security with minimum 10 years of hands-on experience in these domains
  • Knowledge of Information Security related standards and regulation, including ISO/IEC 27001, ISO27005, ISO 31000, SOC
  • Security and Risk Management training/certifications or equivalent experience
  • Ability to communicate and collaborate effectively
  • Strong problem-solving skills, results-oriented and a strong team player.
  • Knowledge of internal and external product portfolio related to security
  • Experience in project or program management
  • Experience in customer presentations and negotiations
  • Fluent in English (verbal and written)
Basic Qualifications:
  • Candidate must possess at least a Bachelor's/College Degree, Post Graduate Diploma / Master's Degree, or Professional License (Passed Board/Bar/Professional License Exam) in Computer Science/Information Technology, Engineering (Computer/Telecommunication) or equivalent.
  • At least 8 year(s) of working experience in the related field is required for this position.
  • Preferably Assistant Manager / Managers specializing in IT/Computer - Network/System/Database Admin or equivalent.
  • Full-Time position(s) available.

We are an HR Solutions company whose strength lies in the provision of innovative and cost-effective Recruitment and Human Resource consulting services in the Philippines. Visit for more information!

Our Vision
We own HR in the Philippines; uplifting hundreds of thousands of lives. Generating over a billion pesos in Revenue.

Our Mission
Uplift Lives as a Strategic HR Partner of companies that Value & Invest in their People.

About Recruiter

Functions : Finance & Accounts, IT

Industries : ITES/BPO

Skills/Roles I hire for: Developers, Database Administrator, Network Infrastructures

Level Hiring For: Junior Level, Mid Level, High Level
