Show more filters
Banner image for PJ Lhuillier Group of Companies

Cyber Security Compliance Officer

PJ Lhuillier Group of Companies

2.7
13 reviews
PJ Lhuillier Group of Companies
Job Type   /   Job Level
Full-time   /   Senior Executive
Company Location
Philippines
The role is responsible for supporting and maintaining the organization's cybersecurity governance, risk and compliance posture across applicable regulatory and industry frameworks.

Job Responsibilities

  • Conduct and support cybersecurity / information security risk assessments, including asset and threat identification, vulnerability and likelihood/impact analysis, risk scoring, and the development of risk treatment plans aligned to the organization's information security risk management methodology.
  • Maintain the information security risk register, track risk treatment progress and residual risk, and monitor open and overdue high-risk items against board-approved remediation timelines.
  • Support the design, maintenance, and continual improvement of the Information Security Management System in line with ISO/IEC 27001:2022, including the Statement of Applicability, risk treatment plans, and management review inputs.
  • Coordinate and prepare for internal and external audits and certification engagements (e.g., ISO 27001:2022, SOC 2 Type II), including evidence collection, control walkthroughs, gap remediation tracking, and auditor liaison.
  • Support SOC 2 Type II readiness specifically, including defining the observation period, ensuring controls operate consistently over that period, and assembling operating-effectiveness evidence (not just design).
  • Map and maintain control crosswalks across multiple frameworks (ISO 27001, SOC 2 Trust Services Criteria, NIST CSF 2.0, NIST SP 800-53/800-63B) and applicable regulations to avoid duplication and surface gaps.
  • Monitor compliance against BSP regulatory requirements (e.g., Circular 982, Circular 808, MORB technology and information security provisions) and, where relevant, Insurance Commission expectations, and track remediation of findings against board-approved timelines.

Job Qualifications

  • Bachelor's degree in Information Technology, Computer Science, Information Security, Accounting/Audit or a related field.
  • 3–5 years of hands-on experience in cybersecurity compliance, IT audit, GRC, or information security risk management, ideally within a regulated industry (financial services preferred).
  • With hands-on experience conducting cybersecurity / information security risk assessments — asset/threat identification, risk scoring and risk treatment planning.
  • With demonstrated working knowledge of ISO/IEC 27001:2022 (ISMS), SOC 2 Type II and NIST frameworks (CSF and/or SP 800-series) including audit and certification lifecycles.
  • Has practical audit and compliance background: experience preparing for or supporting audits, managing evidence and tracking remediation including familiarity with the operating-effectiveness testing that distinguishes SOC 2 Type II from Type I.
  • With strong documentation skills with precise, source-grounded citation of standards and regulations.
  • With excellent analytical, communication and stakeholder-management skills.
Jobs in Philippines   »   Jobs in Makati, National Capital Region, Philippines   »   Cyber Security Compliance Officer

More jobs