Information Security Governance Head

About the role

The Information Security Governance Head will lead the development and execution of an enterprise‑wide security strategy for the RCBC group, ensuring that information assets are protected in line with business objectives and regulatory requirements.

Key responsibilities

• Define and maintain the Information Security Program (ISP) including policies, standards and procedures.
• Drive compliance with security policies across all business units and monitor adherence.
• Design and run an information security awareness and training program for diverse stakeholder groups.
• Oversee detection, analysis and response to security incidents.
• Assess the effectiveness of security controls and recommend improvements.
• Collaborate with business owners and executives to align security requirements with operational needs.
• Report security risks and issues to senior management, the CRO and the Board of Directors.
• Stay current with BSP regulations, MORB updates and anti‑money‑laundering policies.

Required profile

• Graduate degree in a business‑related field.
• Minimum 7 years of experience in risk management and information security.
• At least 10 years of experience in IT governance, including development, implementation and maintenance.
• Professional certifications such as CISM, CISA, CRISC preferred.

Required skills

• Information security governance
• Risk management frameworks