Regulatory Engagements Tech. and Cyber / Deputy ICS Practice Lead Manila

This role will have two focus area. Primarily, the person in this role will manage technology and cyber regulatory and external audit engagements in region as well as internationally as prioritized by the function’s lead. This role will also act as deputy to ICS (Information and Cyber Security) practice lead in location (Philippines/Manilla) when required.

You will work closely with ICS subject matter experts, the ICS group as a whole, executive business management, Internal Audit, Compliance and risk functions, Privacy, Information Technology and other internal key stakeholders. In location you will also partner with location/ country management team as well as HR in order to support ICS team based in Manilla. 

The Role

Responsibilities 

This role will be based in Manilla, being primarily responsible for management of regulatory engagements and external audits/certification as prioritized. Additionally, the role, if required, will also support the delivery of Global Information and Cybersecurity (ICS) operations in the capacity of deputy to ICS Practice lead. 

Responsibilities of this role will include:

Regulatory Engagement (Primary role)

• Deputize, where required, for ICS Regulatory Engagements Lead
• Collaborate in the developing and shaping Regulatory engagement operating model and standard processes.
• Devise and upkeep templates and tools to assist in implementing various ICS Regulatory Engagement programs and reporting.
• Take lead in the implementation, alignment to, maintenance and monitoring of controls following Information Security standard and framework such as NIST, ISF, ISO 27001, PCI-DSS, SOC 1/2, Cyber Essentials, etc.
• Provide input and assist in shaping and improving Regulatory Engagement operating framework and processes.
• Collaborate with other functions – global as well as in country – to support both areas of responsibilities for the role. This includes Compliance, Privacy, technology partners, HR, in location/country business management.
• Work with technology functions to ensure appropriate controls are effectively implemented.
• Facilitate interfacing, attesting and demonstrating adherence to regulatory requirements with relevant authorities, regulators and external auditors.
• Proactively maintain visibility and track relevant state and industry laws, regulations and standards in APAC as well as other regions.
• Support the function in ascertain controls requirement changes based on regulations changes.
• Collaborate with the process/application/control owners to facilitate and/or devise appropriate action/remediation plans for identified gaps. Monitor and manage the delivery or closure of each identified gaps.
• Support ICS leadership in hiring processes relevant to the location

Deputize for ICS practice lead (Additional role - as and when required)

• Assist with day-to-day operations of ICS team members based in Manilla supporting the ICS Practice lead as required. 
• Represent ICS in location management meetings and local initiatives.
• Provide guidance, as deputy to ICS Practice Lead, and help identify right channel for information and cyber security concerns and requirements when required.
• Lead and mentor a team of ICS professionals in location - providing guidance, performance feedback, and support for their career development. 
• Collaborate with other functions – global as well as in country – to support both areas of responsibilities for the role. This includes Compliance, Privacy, technology partners, HR, in location/country business management.
• Ensure implementation and adherence of Information and Cyber security policy and standards.
• Support ICS leadership in hiring processes relevant to the location if required.

The Requirements

Skills and experience required:

• Possesses a combination of business, behavioral, and technical leadership skills – ability to navigate in a dynamic and complex organization, translate business requirements and manage stakeholder expectations. 
• Experience in working in a collaborative environment.
• Critically, you must be an effective implementer of common controls across multi regulated environment, abreast of relevant laws and regulations as it applies to Information and Cyber Security and IT related requirements, and familiar with different industry standards and best practices for Information and Cyber Security. 
• Demonstrable experience in analyzing and applying regulatory requirements to security practices.
• Sound knowledge and experience in managing compliance to technology, cybersecurity and privacy related regulations in APAC such as China Cyber Security Law, Multi-Level Protection Scheme (MLPS 2.0), Monetary Authority of Singapore (MAS) regulations, Insurance Regulatory and Development Authority of India (IRDA) regulations, Australia CPS 234, Bank of Negara’s relevant regulations, OJK of Indonesia relevant regulations, and other  cross-border or data localization related regulations in Asia Pacific.
• Familiarity with other technology, cybersecurity and privacy regulations such as but not limited to ISO 27001, GDPR, FCA, HIPAA, NYDFS, CCPA, SOX, SOC 1/2 etc.
• Familiarity with changes and trends in the regulatory landscape.
• Demonstrable ability to lead and execute across a range of business and functions with differing issues and interests.
• Sound knowledge in the implementation and compliance to other Information Security industry best practices and standards including but not limited to NIST, ISF, CE+, TISAX, Cobit, PCI-DSS, SOC1/2/3, etc.
• Sound knowledge on cloud environment, cybersecurity controls and best practices.
• Strong Project Management skills and experience.
• Excellent writing, presentation, and communication skills
• Experience with IT audit functions and IT controls are preferable.
• Proven ability to work in global collaborative group environment.
• Experience of working with a high degree of autonomy, managing own workload and delivering to tight timescales
• Proven excellence in PPT presentations for reporting process metrics and delivering KPI’s.
• Excellent analytical problem-solving skills
• Experience of working in a regulated environment, not necessarily insurance or financial services are preferable.

Behaviors:

• Management skills including management of performance evaluations
• You must also be an excellent communicator, a supportive team player, resourceful, independent and adaptive to change.
• Ability to work under pressure and to resolve issues effectively
• Strong desire to continue to learn.
• Resourcefulness and organisational agility.
• Global team player with good interpersonal and influencing skills.
• Customer Focus/ Relationship Management.
• Personal learning.
• Organized and methodical.
• Integrity and Trust.

Qualifications:

• Qualified to degree level, in IT or security related subject.
• At least 10+ years’ work experience in Information Security.
• Information security certifications (e.g. CISSP, CCSP, CISA, CRISC, CISM, ISO 27001 LA) are preferable.
• Fluent in English language, both verbal and writing, is required.
• Ability to speak other Asian Non-English language is preferred.

WTW is an Equal Opportunity Employer