Job Description
Are you a seasoned IT professional with a passion for governance, risk management, and compliance? CBTW is looking for a dedicated Security and Compliance Referent (Delivery) to join our dynamic team in Pasay City. In this pivotal role, you will act as the guardian of our delivery operations, ensuring that our projects and service lines adhere to the highest international security standards.
As the Security Referent, you will bridge the gap between technical delivery teams and corporate security policies. You will be responsible for conducting rigorous risk assessments, managing compliance audits, and fostering a culture of security-first thinking across all service delivery channels. If you are detail-oriented, have a deep understanding of IT security frameworks, and excel at stakeholder management, we want to hear from you.
At CBTW, we prioritize innovation and operational excellence. You will have the opportunity to work in a collaborative environment, driving meaningful change and ensuring our clients' data and our internal systems remain robust against emerging threats.
Responsibilities
- Develop, implement, and maintain security policies and compliance frameworks within the delivery organization.
- Perform regular security audits and risk assessments to identify vulnerabilities in project delivery workflows.
- Act as the primary point of contact for internal and external compliance inquiries and certification audits.
- Monitor and enforce adherence to corporate security protocols and to applicable standards and regulations, including ISO 27001, GDPR, and other industry standards.
- Collaborate with cross-functional teams to integrate security best practices into the software development life cycle (SDLC).
- Provide expert guidance to project managers on mitigation strategies for identified security risks.
- Document compliance activities and prepare detailed incident reports for leadership review.
Qualifications
- Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or a related field.
- Minimum of 3-5 years of experience in IT Security, Risk Management, or Compliance roles.
- Solid understanding of international security standards (ISO 27001, SOC 2, PCI DSS, or NIST).
- Proven experience in conducting security assessments and managing remediation projects.
- Strong analytical and problem-solving skills with a focus on risk mitigation.
- Excellent communication and stakeholder management skills, capable of explaining technical risks to non-technical partners.
- Professional certification such as CISSP, CISM, CISA, or CRISC is highly desirable.