Regional Information Security Manager (Cybersecurity)

TL;DR

Regional Information Security Manager (Cybersecurity): Governing and improving information security and cyber risk exposure for the APAC region with an accent on regulatory compliance and risk governance. Focus on orchestrating RCSA cycles, monitoring KRIs/KPIs, and ensuring alignment with NIST CSF, ISO 27001, and APAC-specific frameworks (MAS, HKMA, APRA).

Location: Must be based in Makati City, Philippines

Company

One of the world’s largest fund administration and middle office solutions providers with over 13,000 employees across 112 offices worldwide.

What you will do

• Lead the APAC regional technical risk team to govern, monitor, and improve cyber risk exposure.
• Define and maintain regional KRIs/KPIs and lead multi-tower RCSA cycles in alignment with ISO 31000.
• Ensure conformity with NIST CSF 2.0, ISO/IEC 27001:2022, and PCI DSS v4.0.
• Manage compliance with APAC-specific regulatory frameworks, including MAS TRM (Singapore), HKMA (Hong Kong), and APRA CPS 234 (Australia).
• Deliver monthly APAC security posture reports and coordinate with infrastructure owners to remediate issues.
• Partner with BI and GRC teams to implement security dashboards and evidence repositories.

Requirements

• 5–10 years of experience in information security, cyber risk assurance, or GRC within financial services.
• Proven track record of delivering requirements for APAC regulators (MAS, HKMA, APRA).
• Deep knowledge of NIST CSF 2.0, ISO 27001, ISO 31000, COBIT 2019, and PCI DSS.
• Strong stakeholder management and executive presentation skills.
• Location: Based in Makati City, Philippines

Nice to have

• Certifications such as CISM, CRISC, ISO 27001 LA, or ISO 31000.
• Experience with cloud security (AWS, Azure, GCP).

Culture & Benefits

• Opportunity to be part of an expanding large global business.
• Competitive remuneration commensurate with skills and experience.
• Training and professional development opportunities.