About this role
<p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><strong><span style="background-color:white;color:#061dcb">Be #InGoodHands with Metrobank!</span></strong></span></p> <p> </p> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Here at Metrobank, we don't simply hire employees—we hone future leaders. We provide opportunities that enhance your skills and unlock your talents, helping you evolve into a well-rounded individual. We supply you with all the pieces you need to do your best work, unleashing your full potential to help you secure your future and lead a fulfilling career. And with Metrobank's strong heart for the community, you have the chance to give back and make worthwhile contributions to our nation's economic and social development. With Metrobank, a meaningful life is within your reach!</span></p> <p> </p> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><strong><span style="color:#061dcb">Job Summary:</span></strong></span></p> <p> </p> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Develop and enforce security plans and standards; ensure that application security best practices are executed and implemented. Prepare the plans to deliver/implement the application security strategy prepared by the Security Architect. Provide support to the Security Architect in enterprise security projects, including defining configuration standards, testing and implementation. Lead the research, evaluation and implementation of ISD security tools and small projects. Provide risk assessment support to CPSD and SQRD related to architecture for security concerns and/or security controls to be architected. Maintain and mature the security tools to ensure effective prevention and detection of incidents. Prepare the necessary documentation for project approval and implementation.
Act as the subject matter expert on the security of the assigned technology domain/area (e.g., mobile application, web application).</span></p> <p> </p> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><strong><span style="color:#061dcb">Specific Duties &amp; Responsibilities:</span></strong></span></p> <p> </p> <ul> <li style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Based on the approved IT security systems and application security architecture, develop detailed designs for implementation.</span></li> <li style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Formulate, review and maintain IT security policies, technical standards, internal ISD procedures and guidelines related to securing the information processing environment, IT facilities and connected third-party services/providers of the Bank.</span></li> <li style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Provide support to CPSD and SQRD and serve as the security subject matter expert on application security.
Identify security design gaps in existing application systems and proposed architectures and recommend changes or enhancements.</span></li> <li style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Evaluate cost-effective solutions and prepare the business case for IT security projects.</span></li> <li style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Manage the testing of technical controls and monitor their implementation.</span></li> <li style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Define and document security tool/device standard configuration parameters. Ensure that application security tools are securely configured and function effectively and efficiently.</span></li> <li style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Perform regular security configuration reviews; ensure that controls are effective and their use is optimized.</span></li> <li style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Monitor and, if necessary, assist ITG administrators in ensuring that problems with security devices/systems are resolved in a timely manner.</span></li> <li style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Review and/or evaluate vendor performance as part of the VPRC process.</span></li> <li style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Review installation of and changes to the CI/CD pipeline.</span></li> <li style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><span 
style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Manage the implementation of baseline system security standards for application development.</span></li> <li style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Collaborate and coordinate with other ISD departments to ensure that holistic ISD service is provided to internal customers.</span></li> <li style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Establish a disaster recovery strategy for the security tools implemented and ensure it is regularly tested for effectiveness.</span></li> <li style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Stay up to date with the latest security technology and trends, vulnerabilities and threats.</span></li> <li style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Guide Infrastructure Security Specialists; review their work.</span></li> <li style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Proactively work with the SAID Head in implementing programs for the continuous improvement of the bank’s information security plans and strategies.</span></li> <li style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Perform other information security governance, risk and compliance related duties and responsibilities as directed by the SAID Head.</span></li> </ul> <p> </p> <p><span style="color:#061dcb;font-family:arial, helvetica, sans-serif;font-size:10.0pt"><strong>Job Specifications:</strong></span></p> <ul> <li style="font-family:arial, helvetica, 
sans-serif;font-size:10.0pt"><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Graduate with a college degree in Computer Science or Information Security, or a related technical field of expertise.</span></li> <li style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Extensive/in-depth knowledge and understanding of secure coding principles and OWASP Top 10.</span></li> <li style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Working experience in designing/architecting CI/CD pipelines.</span></li> <li style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Certifications may include SANS GIAC, CISSP, CISM, GWAPT, or equivalent.</span></li> <li style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">At least 3 years’ experience in designing, implementing and maintaining application security solutions such as SAST, DAST, IAST, etc.</span></li> <li style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Analytical and risk identification skills to analyze a variety of information security related risk situations and develop recommendations on the best course of action.</span></li> <li style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Scripting and programming – computer programming and scripting skills are an advantage.</span></li> <li style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Strong written and oral communication skills to write technical reports on their 
assessments and communicate potential security weaknesses.</span></li> <li style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Should also be abreast of security best practices and have knowledge of common and emerging security threats.</span></li> <li style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Self-starter with a results-oriented disposition toward corrective action, driving remediation to reduce the risk exposure of the bank.</span></li> <li style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Good teamwork and collaboration skills: a good team player with the ability to lead security initiatives.</span></li> <li style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Good project management skills to lead and manage the accomplishment of assigned tasks/projects within the predetermined time frame.</span></li> <li style="font-family:arial, helvetica, sans-serif;font-size:10.0pt"><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">Good communication skills to effectively articulate and explain complex security topics in simple language and easy-to-understand concepts.</span></li> </ul>