HEAD, SECURITY ARCHITECTURE AND INNOVATIONS DEPARTMENT

Be #InGoodHands with Metrobank!

Here at Metrobank, we don't simply hire employees—we hone future leaders. We provide opportunities that enhance your skills and unlock your talents, helping you evolve into a well-rounded individual. We supply you with all the pieces you need to do your best work, unleashing your full potential to help you secure your future and lead a fulfilling career. And with Metrobank's strong heart for the community, you have the chance to give back and make worthwhile contributions to our nation's economic and social development. With Metrobank, a meaningful life is within your reach!

Position Title: Platform Engineer

Specific Duties & Responsibilities:

• Develop a complete understanding of the Bank’s technology and information systems.
• Architect and implement security systems based on the Information Security roadmap and plan, results of security risk assessments, IT security best practices, IT and business strategy.
• Leads the development of a secure information system infrastructure design and architecture.
• Develop the specifications, processes and procedures for the implementation of capabilities that meets security requirements and resilient security infrastructure.
• Collaborates and coordinates with ITG the security architecture and infrastructure design to ensure alignment with IT plans and activities.
• Formulates and maintain IT security policies, technical standards, internal ISD procedures and guidelines related to securing the information processing environment, IT facilities and connected third party services/providers of the Bank. 
• Researches on new IT security architectures and solutions to keep abreast of new techniques to support the changing business environment and mitigate emerging threats.
• Serves as the information security subject matter expert on matters related to IT security architecture and infrastructure.  Identify security design gaps in existing and proposed architectures and recommend changes or enhancements.
• Manages the testing of security tools and infrastructure controls and monitors its implementation.  Ensures disaster recovery procedures of security infrastructure are established and tested.
• Ensures that IT security infrastructure projects make business sense without sacrificing the need for security controls and control objectives are met.  Prepares the business case for IT security projects.
• Ensures that IT security infrastructure is securely configured and functions effectively and efficiently, configuration of security tools are regularly reviewed to ensure efficacy and its use is optimized.
• Approve vendor performance review as part of VPRC process.
• Review and approve installation of and changes in security tools/infrastructure, VPN, routers, IDS scanning technologies, servers and network devices.
• Collaborates and coordinates with other ISD Departments to ensure that holistic ISD service is provided to internal customers.
• Proactively works with the Information Security Division Head in implementing programs for the continuous improvement of the bank’s information security plans and strategies.
• Manages utilization of resources within his/her department and performance of department officers and staff. Provide supervision and guidance to the team to ensure assigned function and tasks are completed.
• Prepare department management and performance reports and other reports as required.
• Performs other information security governance, risk and compliance related duties and responsibilities as directed by the Head of the Information Security Division

• Has deep understanding, strong working knowledge  and experience in building/implementing IT Systems Architecture/Infrastructure Security, authentication technologies, Server Security, Network Security, Database Security, Application Security, Communications Security, Data Security, High Level Code Review, Static and Dynamic Code Analysis, IT Security Risk Assessment, Vulnerability Assessment, Penetration Testing, Business Continuity, Physical Security, Operations Security and Cloud Secure architecture.
• Has at least 5 year experience in IT security and IT security risk assessment
• Solid understanding of security protocols, cryptography, authentication, authorization and security
• Security considerations of cloud computing, including data breaches, hacking, account hijacking, malicious insiders, third parties, authentication, APTs, data loss and DoS attacks
• Preferably with IT security related certification such as CISSP, CEH (or equivalent) GIAC, GSEC, etc.
• Extensive experience on IT security risk assessment
• Ability to think like a malicious hacker to anticipate and defend one’s organization against cyber security risks.
• Experience implementing multi-factor authentication, single sign-on, identity management or related technologies
• People Management Skills: Ability to lead and work well with the team, internal, and external clients. Have good teamwork and collaboration skills: good team player with the ability to lead security initiatives, explain and enforce security measures.
• Good Project management skills: to lead and manage accomplishments of assigned tasks/risk assessment activities.
• Possess excellent time management skills, thrive in a fast paced demanding environment
• Be a self-managed, self-starter with good organizational skills
• Be able to work under pressure on multiple assessments/projects simultaneously
• Good written and verbal communication skills: to effectively articulate and explain complex security topics in simple language, concise and easy to understand concepts.
• Conflict and Problem management Skills
• Knowledge in using MS office tools such as PowerPoint, word, excel and project